diff --git a/ObjXMPP.xcodeproj/project.pbxproj b/ObjXMPP.xcodeproj/project.pbxproj index 1357472..a4a6eea 100644 --- a/ObjXMPP.xcodeproj/project.pbxproj +++ b/ObjXMPP.xcodeproj/project.pbxproj @@ -11,7 +11,6 @@ 4B1295F11337C37E00154B25 /* ObjXMPP.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4BC559911337A65400E345C7 /* ObjXMPP.framework */; }; 4B1295F21337C3CF00154B25 /* ObjFW.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4BC559D61337ABD300E345C7 /* ObjFW.framework */; }; 4BC559D71337ABD300E345C7 /* ObjFW.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4BC559D61337ABD300E345C7 /* ObjFW.framework */; }; - 4BC559EB1337AC0900E345C7 /* arc4random_uniform.m in Sources */ = {isa = PBXBuildFile; fileRef = 4BC559D91337AC0900E345C7 /* arc4random_uniform.m */; }; 4BC559EC1337AC0900E345C7 /* XMPPAuthenticator.h in Headers */ = {isa = PBXBuildFile; fileRef = 4BC559DA1337AC0900E345C7 /* XMPPAuthenticator.h */; settings = {ATTRIBUTES = (Public, ); }; }; 4BC559ED1337AC0900E345C7 /* XMPPAuthenticator.m in Sources */ = {isa = PBXBuildFile; fileRef = 4BC559DB1337AC0900E345C7 /* XMPPAuthenticator.m */; }; 4BC559EE1337AC0900E345C7 /* XMPPConnection.h in Headers */ = {isa = PBXBuildFile; fileRef = 4BC559DC1337AC0900E345C7 /* XMPPConnection.h */; settings = {ATTRIBUTES = (Public, ); }; }; @@ -56,7 +55,6 @@ 4B1295EE1337BD5F00154B25 /* test.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = test.m; path = tests/test.m; sourceTree = SOURCE_ROOT; }; 4BC559911337A65400E345C7 /* ObjXMPP.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = ObjXMPP.framework; sourceTree = BUILT_PRODUCTS_DIR; }; 4BC559D61337ABD300E345C7 /* ObjFW.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ObjFW.framework; path = ../../../../Library/Frameworks/ObjFW.framework; sourceTree = ""; }; - 4BC559D91337AC0900E345C7 /* arc4random_uniform.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = arc4random_uniform.m; path = src/arc4random_uniform.m; sourceTree = SOURCE_ROOT; }; 4BC559DA1337AC0900E345C7 /* XMPPAuthenticator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = XMPPAuthenticator.h; path = src/XMPPAuthenticator.h; sourceTree = SOURCE_ROOT; }; 4BC559DB1337AC0900E345C7 /* XMPPAuthenticator.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = XMPPAuthenticator.m; path = src/XMPPAuthenticator.m; sourceTree = SOURCE_ROOT; }; 4BC559DC1337AC0900E345C7 /* XMPPConnection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = XMPPConnection.h; path = src/XMPPConnection.h; sourceTree = SOURCE_ROOT; }; @@ -171,7 +169,6 @@ 4BC559FD1337AC1800E345C7 /* XMPPSCRAMAuth.m */, 4BC559FE1337AC1800E345C7 /* XMPPStanza.h */, 4BC559FF1337AC1800E345C7 /* XMPPStanza.m */, - 4BC559D91337AC0900E345C7 /* arc4random_uniform.m */, ); path = ObjXMPP; sourceTree = ""; @@ -290,7 +287,6 @@ isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( - 4BC559EB1337AC0900E345C7 /* arc4random_uniform.m in Sources */, 4BC559ED1337AC0900E345C7 /* XMPPAuthenticator.m in Sources */, 4BC559EF1337AC0900E345C7 /* XMPPConnection.m in Sources */, 4BC559F11337AC0900E345C7 /* XMPPExceptions.m in Sources */, @@ -396,6 +392,11 @@ GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_VERSION = 4.2; INFOPLIST_FILE = Info.plist; + OTHER_LDFLAGS = ( + "-lcrypto", + "-L/opt/local/lib", + "-lidn", + ); PRODUCT_NAME = "$(TARGET_NAME)"; WRAPPER_EXTENSION = framework; }; @@ -414,6 +415,11 @@ GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_VERSION = 4.2; INFOPLIST_FILE = Info.plist; + OTHER_LDFLAGS = ( + "-lcrypto", + "-L/opt/local/lib", + "-lidn", + ); PRODUCT_NAME = "$(TARGET_NAME)"; WRAPPER_EXTENSION = framework; }; diff --git a/configure.ac b/configure.ac index ffd3dda..eec9665 100644 --- a/configure.ac +++ b/configure.ac @@ -34,7 +34,7 @@ AS_IF([test x"$enable_static" = x"yes" -o x"$enable_shared" = x"no"], [ ]) AC_CHECK_LIB(objopenssl, main, [ - LIBS="$LIBS -lobjopenssl" + LIBS="$LIBS -lobjopenssl -lcrypto" ], [ AC_MSG_ERROR(You need ObjOpenSSL installed!) ]) diff --git a/src/Makefile b/src/Makefile index dda0e3a..d91b0e3 100644 --- a/src/Makefile +++ b/src/Makefile @@ -18,9 +18,7 @@ SRCS = XMPPAuthenticator.m \ XMPPSCRAMAuth.m \ XMPPStanza.m -INCLUDES := ${SRCS:.m=.h} - -SRCS += arc4random_uniform.m +INCLUDES = ${SRCS:.m=.h} include ../buildsys.mk diff --git a/src/XMPPSCRAMAuth.m b/src/XMPPSCRAMAuth.m index 0450a49..6496874 100644 --- a/src/XMPPSCRAMAuth.m +++ b/src/XMPPSCRAMAuth.m @@ -23,16 +23,16 @@ #include +#include + +#include + #import "XMPPSCRAMAuth.h" #import "XMPPExceptions.h" #define HMAC_IPAD 0x36 #define HMAC_OPAD 0x5c -#ifndef HAVE_ARC4RANDOM_UNIFORM -extern uint32_t arc4random_uniform(uint32_t); -#endif - @implementation XMPPSCRAMAuth + SCRAMAuthWithAuthcid: (OFString*)authcid password: (OFString*)password @@ -348,15 +348,22 @@ extern uint32_t arc4random_uniform(uint32_t); - (OFString*)XMPP_genNonce { - OFMutableString *nonce = [OFMutableString string]; - uint32_t res, i; + uint8_t buf[64]; + size_t i; + + assert(RAND_pseudo_bytes(buf, 64) >= 0); for (i = 0; i < 64; i++) { - while ((res = arc4random_uniform('~' - '!' + 1) + '!') == ','); - [nonce appendFormat: @"%c", res]; + uint8_t tmp = (buf[i] % ('~' - '!')) + '!'; + + while (tmp == ',') + tmp = ((buf[i] >> 1) % ('~' - '!')) + '!'; + + buf[i] = tmp; } - return nonce; + return [OFString stringWithCString: (char*)buf + length: 64]; } - (uint8_t*)XMPP_HMACWithKey: (OFDataArray*)key diff --git a/src/arc4random_uniform.m b/src/arc4random_uniform.m deleted file mode 100644 index 2e01eec..0000000 --- a/src/arc4random_uniform.m +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright (c) 1996, David Mazieres - * Copyright (c) 2008, Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Arc4 random number generator for OpenBSD. - * - * This code is derived from section 17.1 of Applied Cryptography, - * second edition, which describes a stream cipher allegedly - * compatible with RSA Labs "RC4" cipher (the actual description of - * which is a trade secret). The same algorithm is used as a stream - * cipher called "arcfour" in Tatu Ylonen's ssh package. - * - * RC4 is a registered trademark of RSA Laboratories. - */ - -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || \ - defined(__APPLE__) -# include -#else -# include -#endif -#include - -/* - * Calculate a uniformly distributed random number less than upper_bound - * avoiding "modulo bias". - * - * Uniformity is achieved by generating new random numbers until the one - * returned is outside the range [0, 2**32 % upper_bound). This - * guarantees the selected random number will be inside - * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) - * after reduction modulo upper_bound. - */ -uint32_t -arc4random_uniform(uint32_t upper_bound) -{ - uint32_t r, min; - - if (upper_bound < 2) - return 0; - -#if (ULONG_MAX > 0xffffffffUL) - min = 0x100000000UL % upper_bound; -#else - /* Calculate (2**32 % upper_bound) avoiding 64-bit math */ - if (upper_bound > 0x80000000) - min = 1 + ~upper_bound; /* 2**32 - upper_bound */ - else { - /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */ - min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound; - } -#endif - - /* - * This could theoretically loop forever but each retry has - * p > 0.5 (worst case, usually far better) of selecting a - * number inside the range we need, so it should rarely need - * to re-roll. - */ - for (;;) { - r = arc4random(); - if (r >= min) - break; - } - - return r % upper_bound; -}