#3634, #3557: Port from iOS: Compile with Apple crypto framework inst…

…ead of OpenSSL.

CMakeLists.txt

@@ -68,7 +68,13 @@ if(ENABLE_GAME OR ENABLE_TESTS)
 	find_package(GLEW REQUIRED)
 	find_package(SDL2 2.0.4 REQUIRED)
 endif(ENABLE_GAME OR ENABLE_TESTS)
-find_package(Crypto 1.0 REQUIRED)
+
+if(NOT APPLE)
+	find_package(Crypto 1.0 REQUIRED)
+else()
+	set(CRYPTO_LIBRARY "-framework Security")
+endif()
+
 find_package(Boost 1.56 REQUIRED COMPONENTS iostreams program_options regex system thread random)
 
 # no, gettext executables are not required when NLS is deactivated

SConstruct

@@ -360,7 +360,6 @@ if env["prereqs"]:
 
     have_server_prereqs = (\
         conf.CheckCPlusPlus(gcc_version = "4.8") & \
-        conf.CheckLib("libcrypto") & \
         conf.CheckBoost("iostreams", require_version = boost_version) & \
         conf.CheckBoostIostreamsGZip() & \
         conf.CheckBoostIostreamsBZip2() & \
@@ -379,6 +378,10 @@ if env["prereqs"]:
     if env['harden']:
         env["have_fortify"] = conf.CheckFortifySource()
 
+    if(env["PLATFORM"] != 'darwin'):
+        # Otherwise, use Security.framework
+        have_server_prereqs = have_server_prereqs & conf.CheckLib("libcrypto")
+
     env = conf.Finish()
 
     client_env = env.Clone()
@@ -618,6 +621,7 @@ for env in [test_env, client_env, env]:
 
     if env["PLATFORM"] == 'darwin':            # Mac OS X
         env.Append(FRAMEWORKS = "Cocoa")            # Cocoa GUI
+        env.Append(FRAMEWORKS = "Security")         # commonCrypto (after OpenSSL replacement on Mac)
 
 if not env['static_test']:
     test_env.Append(CPPDEFINES = "BOOST_TEST_DYN_LINK")

projectfiles/Xcode/Wesnoth.xcodeproj/project.pbxproj

@@ -57,7 +57,6 @@
 		46F57086205FCE79007031BF /* hash.cpp in Sources */ = {isa = PBXBuildFile; fileRef = B52EE8AD121359A600CFBDAB /* hash.cpp */; };
 		46F57087205FCF5D007031BF /* filesystem_sdl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 91FBBAD71CB6BC3F00470BFE /* filesystem_sdl.cpp */; };
 		46F57088205FCF7E007031BF /* config_attribute_value.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EC0341DF1ECF46FE000F2E2B /* config_attribute_value.cpp */; };
-		46F57099205FD0BF007031BF /* libcrypto.1.1.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 90BC845A1EDBD7B600A6630D /* libcrypto.1.1.dylib */; };
 		46F5709A205FE48C007031BF /* string_utils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = B55999AF0EC62181008DD061 /* string_utils.cpp */; };
 		46F570A6205FF856007031BF /* addon_utils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 46F5709E205FF856007031BF /* addon_utils.cpp */; };
 		46F570A7205FF856007031BF /* blacklist.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 46F570A2205FF856007031BF /* blacklist.cpp */; };
@@ -493,11 +492,7 @@
 		8D11072F0486CEB800E47090 /* Cocoa.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1058C7A1FEA54F0111CA2CBB /* Cocoa.framework */; };
 		903F959C1ED5489500F1BDD3 /* credentials.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 903F959B1ED5489500F1BDD3 /* credentials.cpp */; };
 		903F959F1ED5496700F1BDD3 /* hash.cpp in Sources */ = {isa = PBXBuildFile; fileRef = B52EE8AD121359A600CFBDAB /* hash.cpp */; };
-		905440871EE46ABC0091D1AE /* libcrypto.1.1.dylib in Copy Frameworks */ = {isa = PBXBuildFile; fileRef = 90BC845A1EDBD7B600A6630D /* libcrypto.1.1.dylib */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; };
 		90606A2B1D5599BA00719B40 /* libpcre.1.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 90606A2A1D5599BA00719B40 /* libpcre.1.dylib */; };
-		90BC845B1EDBD7B600A6630D /* libcrypto.1.1.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 90BC845A1EDBD7B600A6630D /* libcrypto.1.1.dylib */; };
-		90BC845C1EDBD7B600A6630D /* libcrypto.1.1.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 90BC845A1EDBD7B600A6630D /* libcrypto.1.1.dylib */; };
-		90BC845D1EDBD7B600A6630D /* libcrypto.1.1.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 90BC845A1EDBD7B600A6630D /* libcrypto.1.1.dylib */; };
 		9107AE181DB32899001927B0 /* lapi.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EC89A1061879D17D00A3B0B1 /* lapi.cpp */; };
 		9107AE191DB3289D001927B0 /* lauxlib.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EC89A1071879D17D00A3B0B1 /* lauxlib.cpp */; };
 		9107AE1A1DB328A2001927B0 /* lbaselib.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EC89A1081879D17D00A3B0B1 /* lbaselib.cpp */; };
@@ -1401,7 +1396,6 @@
 			dstPath = "";
 			dstSubfolderSpec = 10;
 			files = (
-				905440871EE46ABC0091D1AE /* libcrypto.1.1.dylib in Copy Frameworks */,
 				91B622011B76C0A600B00E0F /* libboost_filesystem-mt.dylib in Copy Frameworks */,
 				91B622021B76C0A600B00E0F /* libboost_iostreams-mt.dylib in Copy Frameworks */,
 				91B622031B76C0A600B00E0F /* libboost_locale-mt.dylib in Copy Frameworks */,
@@ -1452,6 +1446,7 @@
 
 /* Begin PBXFileReference section */
 		1058C7A1FEA54F0111CA2CBB /* Cocoa.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Cocoa.framework; path = System/Library/Frameworks/Cocoa.framework; sourceTree = SDKROOT; };
+		1C58BBDF21822A930078D25A /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; };
 		4638966F2034180800075E54 /* deprecation.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = deprecation.hpp; sourceTree = "<group>"; };
 		463896702034180900075E54 /* deprecation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = deprecation.cpp; sourceTree = "<group>"; };
 		4649B879202886F000827CFB /* test_irdya_date.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = test_irdya_date.cpp; sourceTree = "<group>"; };
@@ -1969,7 +1964,6 @@
 		903F959B1ED5489500F1BDD3 /* credentials.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = credentials.cpp; path = preferences/credentials.cpp; sourceTree = "<group>"; };
 		903F959D1ED5489D00F1BDD3 /* credentials.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = credentials.hpp; path = preferences/credentials.hpp; sourceTree = "<group>"; };
 		90606A2A1D5599BA00719B40 /* libpcre.1.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libpcre.1.dylib; path = lib/libpcre.1.dylib; sourceTree = "<group>"; };
-		90BC845A1EDBD7B600A6630D /* libcrypto.1.1.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libcrypto.1.1.dylib; path = lib/libcrypto.1.1.dylib; sourceTree = "<group>"; };
 		9107AE141DB32862001927B0 /* liblua.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = liblua.a; sourceTree = BUILT_PRODUCTS_DIR; };
 		9107AE551DB5BD3B001927B0 /* lprefix.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = lprefix.h; sourceTree = "<group>"; };
 		9107AE561DB5BD49001927B0 /* lutf8lib.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = lutf8lib.cpp; sourceTree = "<group>"; };
@@ -2800,7 +2794,6 @@
 				91B622211B76C0F400B00E0F /* libboost_random-mt.dylib in Frameworks */,
 				91B622221B76C0F400B00E0F /* libboost_regex-mt.dylib in Frameworks */,
 				91B622231B76C0F400B00E0F /* libboost_system-mt.dylib in Frameworks */,
-				90BC845B1EDBD7B600A6630D /* libcrypto.1.1.dylib in Frameworks */,
 				EC5C243B18EF07B4001FA499 /* libbz2.1.0.dylib in Frameworks */,
 				B513B2290ED36BFB0006E551 /* libcairo.2.dylib in Frameworks */,
 				EC5C243C18EF07B4001FA499 /* libexpat.1.dylib in Frameworks */,
@@ -2845,7 +2838,6 @@
 			files = (
 				91C548C31D8866ED00FE6A7B /* CoreFoundation.framework in Frameworks */,
 				91C548E21D886E9000FE6A7B /* libboost_system-mt.dylib in Frameworks */,
-				46F57099205FD0BF007031BF /* libcrypto.1.1.dylib in Frameworks */,
 				91C548E81D886F1E00FE6A7B /* libboost_locale-mt.dylib in Frameworks */,
 				91C548ED1D886FC500FE6A7B /* libboost_filesystem-mt.dylib in Frameworks */,
 				91C548EE1D886FCE00FE6A7B /* libboost_iostreams-mt.dylib in Frameworks */,
@@ -2874,7 +2866,6 @@
 				46F92F242174FF6700602C1C /* libboost_thread-mt.dylib in Frameworks */,
 				91A215DF1CAD99E000927AEA /* libboost_iostreams-mt.dylib in Frameworks */,
 				91A215E01CAD99E000927AEA /* libboost_system-mt.dylib in Frameworks */,
-				90BC845D1EDBD7B600A6630D /* libcrypto.1.1.dylib in Frameworks */,
 				46F92EBA2174F9AF00602C1C /* SDL2.framework in Frameworks */,
 				91A215E21CAD9B9000927AEA /* libpango-1.0.0.dylib in Frameworks */,
 				91A215E31CAD9B9000927AEA /* libpangocairo-1.0.0.dylib in Frameworks */,
@@ -2892,7 +2883,6 @@
 			buildActionMask = 2147483647;
 			files = (
 				46F92EB92174F9AF00602C1C /* SDL2.framework in Frameworks */,
-				90BC845C1EDBD7B600A6630D /* libcrypto.1.1.dylib in Frameworks */,
 				F4D2A9D514DAED4200CAFF31 /* CoreFoundation.framework in Frameworks */,
 				ECF9D44119F4042700E6C9D9 /* libboost_filesystem-mt.dylib in Frameworks */,
 				F4EF0D4D13AD4D53003C701D /* libboost_iostreams-mt.dylib in Frameworks */,
@@ -2926,6 +2916,7 @@
 		1058C7A0FEA54F0111CA2CBB /* Linked System Frameworks */ = {
 			isa = PBXGroup;
 			children = (
+				1C58BBDF21822A930078D25A /* Security.framework */,
 				1058C7A1FEA54F0111CA2CBB /* Cocoa.framework */,
 				F4D2A99514DAED0E00CAFF31 /* CoreFoundation.framework */,
 			);
@@ -3277,7 +3268,6 @@
 				91E355621CACA1CE00774252 /* libboost_unit_test_framework-mt.dylib */,
 				EC5C242218EF07B4001FA499 /* libbz2.1.0.dylib */,
 				B513B2270ED36BFB0006E551 /* libcairo.2.dylib */,
-				90BC845A1EDBD7B600A6630D /* libcrypto.1.1.dylib */,
 				EC5C242318EF07B4001FA499 /* libexpat.1.dylib */,
 				EC5C242418EF07B4001FA499 /* libffi.6.dylib */,
 				EC5C242518EF07B4001FA499 /* libfontconfig.1.dylib */,

src/build_info.cpp

@@ -33,8 +33,10 @@
 
 #include <boost/version.hpp>
 
+#ifndef __APPLE__
 #include <openssl/crypto.h>
 #include <openssl/opensslv.h>
+#endif
 
 #include <pango/pangocairo.h>
 
@@ -73,6 +75,8 @@ std::string format_version(const SDL_version& v)
 						<< unsigned(v.patch);
 }
 
+#ifndef __APPLE__
+
 std::string format_openssl_patch_level(uint8_t p)
 {
 	return p <= 26
@@ -159,6 +163,8 @@ std::string format_openssl_version(long v)
 
 }
 
+#endif
+
 version_table_manager::version_table_manager()
 	: compiled(LIB_COUNT, "")
 	, linked(LIB_COUNT, "")
@@ -234,9 +240,11 @@ version_table_manager::version_table_manager()
 	// OpenSSL/libcrypto
 	//
 
+#ifndef __APPLE__
 	compiled[LIB_CRYPTO] = format_openssl_version(OPENSSL_VERSION_NUMBER);
 	linked[LIB_CRYPTO] = format_openssl_version(SSLeay());
 	names[LIB_CRYPTO] = "OpenSSL/libcrypto";
+#endif
 
 	//
 	// Cairo

src/hash.cpp

@@ -22,16 +22,27 @@
 #include <string.h>
 #include <assert.h>
 
-#include <openssl/sha.h>
-#include <openssl/md5.h>
-
 extern "C" {
 #include "crypt_blowfish/crypt_blowfish.h"
 }
 
+#ifndef __APPLE__
+
+#include <openssl/sha.h>
+#include <openssl/md5.h>
+
 static_assert(utils::md5::DIGEST_SIZE == MD5_DIGEST_LENGTH, "Constants mismatch");
 static_assert(utils::sha1::DIGEST_SIZE == SHA_DIGEST_LENGTH, "Constants mismatch");
 
+#else
+
+#include <CommonCrypto/CommonDigest.h>
+
+static_assert(utils::md5::DIGEST_SIZE == CC_MD5_DIGEST_LENGTH, "Constants mismatch");
+static_assert(utils::sha1::DIGEST_SIZE == CC_SHA1_DIGEST_LENGTH, "Constants mismatch");
+
+#endif
+
 namespace {
 
 const std::string hash_prefix = "$H$";
@@ -57,10 +68,16 @@ std::string hexencode_hash(const std::array<uint8_t, len>& input) {
 namespace utils {
 
 md5::md5(const std::string& input) {
+
+#ifndef __APPLE__
 	MD5_CTX md5_worker;
 	MD5_Init(&md5_worker);
 	MD5_Update(&md5_worker, input.data(), input.size());
 	MD5_Final(hash.data(), &md5_worker);
+#else
+	CC_MD5(input.data(), static_cast<CC_LONG>(input.size()), hash.data());
+#endif
+
 }
 
 int md5::get_iteration_count(const std::string& hash) {
@@ -108,10 +125,14 @@ std::string md5::base64_digest() const
 
 sha1::sha1(const std::string& str)
 {
+#ifndef __APPLE__
 	SHA_CTX hasher;
 	SHA1_Init(&hasher);
 	SHA1_Update(&hasher, str.data(), str.size());
 	SHA1_Final(hash.data(), &hasher);
+#else
+	CC_MD5(str.data(), static_cast<CC_LONG>(str.size()), hash.data());
+#endif
 }
 
 std::string sha1::hex_digest() const

src/preferences/credentials.cpp

@@ -21,7 +21,12 @@ See the COPYING file for more details.
 
 #include <algorithm>
 #include <memory>
+
+#ifndef __APPLE__
 #include <openssl/rc4.h>
+#else
+#include <CommonCrypto/CommonCryptor.h>
+#endif
 
 #ifdef _WIN32
 #include <boost/range/iterator_range.hpp>
@@ -254,19 +259,37 @@ secure_buffer build_key(const std::string& server, const std::string& login)
 
 static secure_buffer rc4_crypt(const secure_buffer& text, const secure_buffer& key)
 {
+	secure_buffer result(text.size(), '\0');
+#ifndef __APPLE__
 	RC4_KEY cipher_key;
 	RC4_set_key(&cipher_key, key.size(), key.data());
 	const std::size_t block_size = key.size();
 	const std::size_t blocks = text.size() / block_size;
 	const std::size_t extra = text.size() % block_size;
-	secure_buffer result(text.size(), '\0');
 	for(std::size_t i = 0; i < blocks * block_size; i += block_size) {
 		RC4(&cipher_key, block_size, text.data() + i, result.data() + i);
 	}
 	if(extra) {
 		std::size_t i = blocks * block_size;
 		RC4(&cipher_key, extra, text.data() + i, result.data() + i);
 	}
+#else
+	size_t outWritten = 0;
+	CCCryptorStatus ccStatus = CCCrypt(kCCDecrypt,
+		kCCAlgorithmRC4,
+		kCCOptionPKCS7Padding,
+		key.data(),
+		key.size(),
+		nullptr,
+		text.data(),
+		text.size(),
+		result.data(),
+		result.size(),
+		&outWritten);
+
+	assert(ccStatus == kCCSuccess);
+	assert(outWritten == text.size());
+#endif
 	return result;
 }
 

src/server/user_handler.cpp

@@ -16,7 +16,12 @@
 #include "config.hpp"
 #include "random.hpp"
 #include "serialization/base64.hpp"
+
+#ifndef __APPLE__
 #include <openssl/rand.h>
+#else
+#include <cstdlib>
+#endif
 
 #include <array>
 #include <ctime>
@@ -53,20 +58,26 @@ std::string user_handler::create_unsecure_nonce(int length) {
 	return  ss.str();
 }
 
+#ifndef __APPLE__
 namespace {
 	class RAND_bytes_exception: public std::exception
 	{
 	};
 }
+#endif
 
 std::string user_handler::create_secure_nonce()
 {
 	// Must be full base64 encodings (3 bytes = 4 chars) else we skew the PRNG results
 	std::array<unsigned char, (3 * 32) / 4> buf;
 
+#ifndef __APPLE__
 	if(!RAND_bytes(buf.data(), buf.size())) {
 		throw RAND_bytes_exception();
 	}
+#else
+	arc4random_buf(buf.data(), buf.size());
+#endif
 
 	return base64::encode({buf.data(), buf.size()});
 }

utils/travis/steps/install.sh

@@ -23,10 +23,7 @@ if [ "$TRAVIS_OS_NAME" = "osx" ]; then
         brew install ccache
         travis_wait ./projectfiles/Xcode/Fix_Xcode_Dependencies
     else
-        brew install scons cairo pango moreutils sdl2_image sdl2_ttf sdl2_mixer openssl glew ccache
-        export CXXFLAGS="-I/usr/local/opt/openssl/include $CFLAGS"
-        export LDFLAGS="-L/usr/local/opt/openssl/lib $LDFLAGS"
-        export PATH="/usr/local/opt/openssl/include:$PATH"
+        brew install scons cairo pango moreutils sdl2_image sdl2_ttf sdl2_mixer glew ccache
     fi
 else
     if [ "$NLS" != "true" ]; then