Sapian
/
asterisk
mirror of http://gerrit.asterisk.org/asterisk
3
0
Fork 0
Code Issues Releases Wiki Activity

use the OpenSSL AES implementation if it's available (unless configured not to)

Browse Source 
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@66071 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1.6.0
Kevin P. Fleming 18 years ago
parent a3d04ce638
commit 4573b36af1
12 changed files with 710 additions and 184 deletions
Show Stats Download Patch File Download Diff File

1
build_tools/menuselect-deps.in
Unescape View File

@ -26,6 +26,7 @@ SPEEX=@PBX_SPEEX@
SQLITE=@PBX_SQLITE@
SQLITE3=@PBX_SQLITE3@
SSL=@PBX_OPENSSL@
CRYPTO=@PBX_CRYPTO@
TONEZONE=@PBX_TONEZONE@
UNIXODBC=@PBX_UNIXODBC@
VORBIS=@PBX_VORBIS@

29
channels/chan_iax2.c
Unescape View File

@ -30,6 +30,7 @@
/*** MODULEINFO
<use>zaptel</use>
<use>crypto</use>
***/
#include "asterisk.h"
@ -594,9 +595,9 @@ struct chan_iax2_pvt {
/*! permitted encryption methods */
int encmethods;
/*! Encryption AES-128 Key */
aes_encrypt_ctx ecx;
ast_aes_encrypt_key ecx;
/*! Decryption AES-128 Key */
aes_decrypt_ctx dcx;
ast_aes_decrypt_key dcx;
/*! 32 bytes of semi-random data */
unsigned char semirand[32];
/*! Associated registry */
@ -615,8 +616,8 @@ struct chan_iax2_pvt {
struct sockaddr_in transfer;
/*! What's the new call number for the transfer */
unsigned short transfercallno;
/*! Transfer decrypt AES-128 Key */
aes_encrypt_ctx tdcx;
/*! Transfer encrypt AES-128 Key */
ast_aes_encrypt_key tdcx;
/*! Status of knowledge of peer ADSI capability */
int peeradsicpe;
@ -3804,13 +3805,13 @@ static int iax2_trunk_queue(struct chan_iax2_pvt *pvt, struct iax_frame *fr)
return 0;
}
static void build_enc_keys(const unsigned char *digest, aes_encrypt_ctx *ecx, aes_decrypt_ctx *dcx)
static void build_enc_keys(const unsigned char *digest, ast_aes_encrypt_key *ecx, ast_aes_decrypt_key *dcx)
{
aes_encrypt_key128(digest, ecx);
aes_decrypt_key128(digest, dcx);
ast_aes_encrypt_key(digest, ecx);
ast_aes_decrypt_key(digest, dcx);
}
static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len, aes_decrypt_ctx *dcx)
static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len, ast_aes_decrypt_key *dcx)
{
#if 0
/* Debug with "fake encryption" */
@ -3823,7 +3824,7 @@ static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len
unsigned char lastblock[16] = { 0 };
int x;
while(len > 0) {
aes_decrypt(src, dst, dcx);
ast_aes_decrypt(src, dst, dcx);
for (x=0;x<16;x++)
dst[x] ^= lastblock[x];
memcpy(lastblock, src, sizeof(lastblock));
@ -3834,7 +3835,7 @@ static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len
#endif
}
static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len, aes_encrypt_ctx *ecx)
static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len, ast_aes_encrypt_key *ecx)
{
#if 0
/* Debug with "fake encryption" */
@ -3849,7 +3850,7 @@ static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len
while(len > 0) {
for (x=0;x<16;x++)
curblock[x] ^= src[x];
aes_encrypt(curblock, dst, ecx);
ast_aes_encrypt(curblock, dst, ecx);
memcpy(curblock, dst, sizeof(curblock));
dst += 16;
src += 16;
@ -3858,7 +3859,7 @@ static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len
#endif
}
static int decode_frame(aes_decrypt_ctx *dcx, struct ast_iax2_full_hdr *fh, struct ast_frame *f, int *datalen)
static int decode_frame(ast_aes_decrypt_key *dcx, struct ast_iax2_full_hdr *fh, struct ast_frame *f, int *datalen)
{
int padding;
unsigned char *workspace;
@ -3903,7 +3904,7 @@ static int decode_frame(aes_decrypt_ctx *dcx, struct ast_iax2_full_hdr *fh, stru
return 0;
}
static int encrypt_frame(aes_encrypt_ctx *ecx, struct ast_iax2_full_hdr *fh, unsigned char *poo, int *datalen)
static int encrypt_frame(ast_aes_encrypt_key *ecx, struct ast_iax2_full_hdr *fh, unsigned char *poo, int *datalen)
{
int padding;
unsigned char *workspace;
@ -5262,7 +5263,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies *
}
static int authenticate(const char *challenge, const char *secret, const char *keyn, int authmethods, struct iax_ie_data *ied, struct sockaddr_in *sin, aes_encrypt_ctx *ecx, aes_decrypt_ctx *dcx)
static int authenticate(const char *challenge, const char *secret, const char *keyn, int authmethods, struct iax_ie_data *ied, struct sockaddr_in *sin, ast_aes_encrypt_key *ecx, ast_aes_decrypt_key *dcx)
{
int res = -1;
int x;

449
configure vendored
Unescape View File

@ -737,6 +737,10 @@ CURSES_LIB
CURSES_INCLUDE
CURSES_DIR
PBX_CURSES
CRYPTO_LIB
CRYPTO_INCLUDE
CRYPTO_DIR
PBX_CRYPTO
GNUTLS_LIB
GNUTLS_INCLUDE
GNUTLS_DIR
@ -1521,6 +1525,7 @@ Optional Packages:
--with-cap=PATH use POSIX 1.e capabilities files in PATH
--with-curl=PATH use cURL files in PATH
--with-curses=PATH use curses files in PATH
--with-crypto=PATH use OpenSSL Cryptography Support files in PATH
--with-gnutls=PATH use GNU TLS support (used for iksemel only) files in
PATH
--with-gsm=PATH use GSM files in PATH , or 'internal'
@ -7784,6 +7789,34 @@ PBX_CURSES=0
CRYPTO_DESCRIP="OpenSSL Cryptography Support"
CRYPTO_OPTION="crypto"
# Check whether --with-crypto was given.
if test "${with_crypto+set}" = set; then
withval=$with_crypto;
case ${withval} in
n|no)
USE_CRYPTO=no
;;
y|ye|yes)
ac_mandatory_list="${ac_mandatory_list} CRYPTO"
;;
*)
CRYPTO_DIR="${withval}"
ac_mandatory_list="${ac_mandatory_list} CRYPTO"
;;
esac
fi
PBX_CRYPTO=0
GNUTLS_DESCRIP="GNU TLS support (used for iksemel only)"
GNUTLS_OPTION="gnutls"
@ -29239,6 +29272,399 @@ fi
if test "x${PBX_CRYPTO}" != "x1" -a "${USE_CRYPTO}" != "no"; then
pbxlibdir=""
if test "x${CRYPTO_DIR}" != "x"; then
if test -d ${CRYPTO_DIR}/lib; then
pbxlibdir="-L${CRYPTO_DIR}/lib"
else
pbxlibdir="-L${CRYPTO_DIR}"
fi
fi
pbxfuncname="AES_encrypt"
if test "x${pbxfuncname}" = "x" ; then # empty lib, assume only headers
AST_CRYPTO_FOUND=yes
else
as_ac_Lib=`echo "ac_cv_lib_crypto_${pbxfuncname}" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for ${pbxfuncname} in -lcrypto" >&5
echo $ECHO_N "checking for ${pbxfuncname} in -lcrypto... $ECHO_C" >&6; }
if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lcrypto ${pbxlibdir} $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char ${pbxfuncname} ();
int
main ()
{
return ${pbxfuncname} ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_link") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest$ac_exeext &&
$as_test_x conftest$ac_exeext; then
eval "$as_ac_Lib=yes"
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
eval "$as_ac_Lib=no"
fi
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
ac_res=`eval echo '${'$as_ac_Lib'}'`
{ echo "$as_me:$LINENO: result: $ac_res" >&5
echo "${ECHO_T}$ac_res" >&6; }
if test `eval echo '${'$as_ac_Lib'}'` = yes; then
AST_CRYPTO_FOUND=yes
else
AST_CRYPTO_FOUND=no
fi
fi
if test "${AST_CRYPTO_FOUND}" = "yes"; then
CRYPTO_LIB="-lcrypto "
CRYPTO_HEADER_FOUND="1"
if test "x${CRYPTO_DIR}" != "x"; then
CRYPTO_LIB="${pbxlibdir} ${CRYPTO_LIB}"
CRYPTO_INCLUDE="-I${CRYPTO_DIR}/include"
saved_cppflags="${CPPFLAGS}"
CPPFLAGS="${CPPFLAGS} -I${CRYPTO_DIR}/include"
if test "xopenssl/aes.h" != "x" ; then
as_ac_Header=`echo "ac_cv_header_${CRYPTO_DIR}/include/openssl/aes.h" | $as_tr_sh`
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
{ echo "$as_me:$LINENO: checking for ${CRYPTO_DIR}/include/openssl/aes.h" >&5
echo $ECHO_N "checking for ${CRYPTO_DIR}/include/openssl/aes.h... $ECHO_C" >&6; }
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
echo $ECHO_N "(cached) $ECHO_C" >&6
fi
ac_res=`eval echo '${'$as_ac_Header'}'`
{ echo "$as_me:$LINENO: result: $ac_res" >&5
echo "${ECHO_T}$ac_res" >&6; }
else
# Is the header compilable?
{ echo "$as_me:$LINENO: checking ${CRYPTO_DIR}/include/openssl/aes.h usability" >&5
echo $ECHO_N "checking ${CRYPTO_DIR}/include/openssl/aes.h usability... $ECHO_C" >&6; }
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_includes_default
#include <${CRYPTO_DIR}/include/openssl/aes.h>
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_compile") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest.$ac_objext; then
ac_header_compiler=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_header_compiler=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
echo "${ECHO_T}$ac_header_compiler" >&6; }
# Is the header present?
{ echo "$as_me:$LINENO: checking ${CRYPTO_DIR}/include/openssl/aes.h presence" >&5
echo $ECHO_N "checking ${CRYPTO_DIR}/include/openssl/aes.h presence... $ECHO_C" >&6; }
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <${CRYPTO_DIR}/include/openssl/aes.h>
_ACEOF
if { (ac_try="$ac_cpp conftest.$ac_ext"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } >/dev/null && {
test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
test ! -s conftest.err
}; then
ac_header_preproc=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_header_preproc=no
fi
rm -f conftest.err conftest.$ac_ext
{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
echo "${ECHO_T}$ac_header_preproc" >&6; }
# So? What about this header?
case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
yes:no: )
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&5
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the compiler's result" >&5
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the compiler's result" >&2;}
ac_header_preproc=yes
;;
no:yes:* )
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: present but cannot be compiled" >&5
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: present but cannot be compiled" >&2;}
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: check for missing prerequisite headers?" >&5
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: check for missing prerequisite headers?" >&2;}
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: see the Autoconf documentation" >&5
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: see the Autoconf documentation" >&2;}
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&5
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&2;}
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the preprocessor's result" >&5
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the preprocessor's result" >&2;}
{ echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: in the future, the compiler will take precedence" >&5
echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: in the future, the compiler will take precedence" >&2;}
;;
esac
{ echo "$as_me:$LINENO: checking for ${CRYPTO_DIR}/include/openssl/aes.h" >&5
echo $ECHO_N "checking for ${CRYPTO_DIR}/include/openssl/aes.h... $ECHO_C" >&6; }
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
eval "$as_ac_Header=\$ac_header_preproc"
fi
ac_res=`eval echo '${'$as_ac_Header'}'`
{ echo "$as_me:$LINENO: result: $ac_res" >&5
echo "${ECHO_T}$ac_res" >&6; }
fi
if test `eval echo '${'$as_ac_Header'}'` = yes; then
CRYPTO_HEADER_FOUND=1
else
CRYPTO_HEADER_FOUND=0
fi
fi
CPPFLAGS="${saved_cppflags}"
else
if test "xopenssl/aes.h" != "x" ; then
if test "${ac_cv_header_openssl_aes_h+set}" = set; then
{ echo "$as_me:$LINENO: checking for openssl/aes.h" >&5
echo $ECHO_N "checking for openssl/aes.h... $ECHO_C" >&6; }
if test "${ac_cv_header_openssl_aes_h+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
fi
{ echo "$as_me:$LINENO: result: $ac_cv_header_openssl_aes_h" >&5
echo "${ECHO_T}$ac_cv_header_openssl_aes_h" >&6; }
else
# Is the header compilable?
{ echo "$as_me:$LINENO: checking openssl/aes.h usability" >&5
echo $ECHO_N "checking openssl/aes.h usability... $ECHO_C" >&6; }
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_includes_default
#include <openssl/aes.h>
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_compile") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest.$ac_objext; then
ac_header_compiler=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_header_compiler=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
echo "${ECHO_T}$ac_header_compiler" >&6; }
# Is the header present?
{ echo "$as_me:$LINENO: checking openssl/aes.h presence" >&5
echo $ECHO_N "checking openssl/aes.h presence... $ECHO_C" >&6; }
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <openssl/aes.h>
_ACEOF
if { (ac_try="$ac_cpp conftest.$ac_ext"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } >/dev/null && {
test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
test ! -s conftest.err
}; then
ac_header_preproc=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_header_preproc=no
fi
rm -f conftest.err conftest.$ac_ext
{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
echo "${ECHO_T}$ac_header_preproc" >&6; }
# So? What about this header?
case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
yes:no: )
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&5
echo "$as_me: WARNING: openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: proceeding with the compiler's result" >&5
echo "$as_me: WARNING: openssl/aes.h: proceeding with the compiler's result" >&2;}
ac_header_preproc=yes
;;
no:yes:* )
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: present but cannot be compiled" >&5
echo "$as_me: WARNING: openssl/aes.h: present but cannot be compiled" >&2;}
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: check for missing prerequisite headers?" >&5
echo "$as_me: WARNING: openssl/aes.h: check for missing prerequisite headers?" >&2;}
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: see the Autoconf documentation" >&5
echo "$as_me: WARNING: openssl/aes.h: see the Autoconf documentation" >&2;}
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&5
echo "$as_me: WARNING: openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&2;}
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: proceeding with the preprocessor's result" >&5
echo "$as_me: WARNING: openssl/aes.h: proceeding with the preprocessor's result" >&2;}
{ echo "$as_me:$LINENO: WARNING: openssl/aes.h: in the future, the compiler will take precedence" >&5
echo "$as_me: WARNING: openssl/aes.h: in the future, the compiler will take precedence" >&2;}
;;
esac
{ echo "$as_me:$LINENO: checking for openssl/aes.h" >&5
echo $ECHO_N "checking for openssl/aes.h... $ECHO_C" >&6; }
if test "${ac_cv_header_openssl_aes_h+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_cv_header_openssl_aes_h=$ac_header_preproc
fi
{ echo "$as_me:$LINENO: result: $ac_cv_header_openssl_aes_h" >&5
echo "${ECHO_T}$ac_cv_header_openssl_aes_h" >&6; }
fi
if test $ac_cv_header_openssl_aes_h = yes; then
CRYPTO_HEADER_FOUND=1
else
CRYPTO_HEADER_FOUND=0
fi
fi
fi
if test "x${CRYPTO_HEADER_FOUND}" = "x0" ; then
CRYPTO_LIB=""
CRYPTO_INCLUDE=""
else
if test "x${pbxfuncname}" = "x" ; then # only checking headers -> no library
CRYPTO_LIB=""
fi
PBX_CRYPTO=1
# XXX don't know how to evaluate the description (third argument) in AC_DEFINE_UNQUOTED
cat >>confdefs.h <<_ACEOF
#define HAVE_CRYPTO 1
_ACEOF
cat >>confdefs.h <<_ACEOF
#define HAVE_CRYPTO_VERSION
_ACEOF
fi
fi
fi
if test "${PBX_CRYPTO}" != "0";
then
if test "x${PBX_OPENSSL}" != "x1" -a "${USE_OPENSSL}" != "no"; then
pbxlibdir=""
if test "x${OPENSSL_DIR}" != "x"; then
@ -29628,6 +30054,7 @@ _ACEOF
fi
fi
fi
if test "x${PBX_FREETDS}" != "x1" -a "${USE_FREETDS}" != "no"; then
@ -35694,6 +36121,10 @@ CURSES_LIB!$CURSES_LIB$ac_delim
CURSES_INCLUDE!$CURSES_INCLUDE$ac_delim
CURSES_DIR!$CURSES_DIR$ac_delim
PBX_CURSES!$PBX_CURSES$ac_delim
CRYPTO_LIB!$CRYPTO_LIB$ac_delim
CRYPTO_INCLUDE!$CRYPTO_INCLUDE$ac_delim
CRYPTO_DIR!$CRYPTO_DIR$ac_delim
PBX_CRYPTO!$PBX_CRYPTO$ac_delim
GNUTLS_LIB!$GNUTLS_LIB$ac_delim
GNUTLS_INCLUDE!$GNUTLS_INCLUDE$ac_delim
GNUTLS_DIR!$GNUTLS_DIR$ac_delim
@ -35766,10 +36197,6 @@ PRI_LIB!$PRI_LIB$ac_delim
PRI_INCLUDE!$PRI_INCLUDE$ac_delim
PRI_DIR!$PRI_DIR$ac_delim
PBX_PRI!$PBX_PRI$ac_delim
SS7_LIB!$SS7_LIB$ac_delim
SS7_INCLUDE!$SS7_INCLUDE$ac_delim
SS7_DIR!$SS7_DIR$ac_delim
PBX_SS7!$PBX_SS7$ac_delim
_ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@ -35811,6 +36238,10 @@ _ACEOF
ac_delim='%!_!# '
for ac_last_try in false false false false false :; do
cat >conf$$subs.sed <<_ACEOF
SS7_LIB!$SS7_LIB$ac_delim
SS7_INCLUDE!$SS7_INCLUDE$ac_delim
SS7_DIR!$SS7_DIR$ac_delim
PBX_SS7!$PBX_SS7$ac_delim
PWLIB_LIB!$PWLIB_LIB$ac_delim
PWLIB_INCLUDE!$PWLIB_INCLUDE$ac_delim
PWLIB_DIR!$PWLIB_DIR$ac_delim
@ -35904,10 +36335,6 @@ PWLIB_LIBDIR!$PWLIB_LIBDIR$ac_delim
PWLIB_PLATFORM!$PWLIB_PLATFORM$ac_delim
OPENH323DIR!$OPENH323DIR$ac_delim
OPENH323_INCDIR!$OPENH323_INCDIR$ac_delim
OPENH323_LIBDIR!$OPENH323_LIBDIR$ac_delim
OPENH323_SUFFIX!$OPENH323_SUFFIX$ac_delim
OPENH323_BUILD!$OPENH323_BUILD$ac_delim
QTMOC!$QTMOC$ac_delim
_ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@ -35949,6 +36376,10 @@ _ACEOF
ac_delim='%!_!# '
for ac_last_try in false false false false false :; do
cat >conf$$subs.sed <<_ACEOF
OPENH323_LIBDIR!$OPENH323_LIBDIR$ac_delim
OPENH323_SUFFIX!$OPENH323_SUFFIX$ac_delim
OPENH323_BUILD!$OPENH323_BUILD$ac_delim
QTMOC!$QTMOC$ac_delim
EDITLINE_LIB!$EDITLINE_LIB$ac_delim
PBX_H323!$PBX_H323$ac_delim
PBX_IXJUSER!$PBX_IXJUSER$ac_delim
@ -35964,7 +36395,7 @@ CURL_CONFIG!$CURL_CONFIG$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 13; then
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 17; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5

8
configure.ac
Unescape View File

@ -186,6 +186,7 @@ AST_EXT_LIB_SETUP([BKTR], [Stack Backtrace support], [execinfo])
AST_EXT_LIB_SETUP([CAP], [POSIX 1.e capabilities], [cap])
AST_EXT_LIB_SETUP([CURL], [cURL], [curl])
AST_EXT_LIB_SETUP([CURSES], [curses], [curses])
AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography Support], [crypto])
AST_EXT_LIB_SETUP([GNUTLS], [GNU TLS support (used for iksemel only)], [gnutls])
AST_EXT_LIB_SETUP([GSM], [GSM], [gsm], [, or 'internal'])
AST_EXT_LIB_SETUP([IKSEMEL], [Iksemel Jabber Library], [iksemel])
@ -846,7 +847,12 @@ AST_EXT_LIB_CHECK([SQLITE], [sqlite], [sqlite_exec], [sqlite.h])
AST_EXT_LIB_CHECK([SQLITE3], [sqlite3], [sqlite3_open], [sqlite3.h])
AST_EXT_LIB_CHECK([OPENSSL], [ssl], [ssl2_connect], [openssl/ssl.h], [-lcrypto])
AST_EXT_LIB_CHECK([CRYPTO], [crypto], [AES_encrypt], [openssl/aes.h])
if test "${PBX_CRYPTO}" != "0";
then
AST_EXT_LIB_CHECK([OPENSSL], [ssl], [ssl2_connect], [openssl/ssl.h], [-lcrypto])
fi
AST_EXT_LIB_CHECK([FREETDS], [tds], [tds_version], [tds.h])
if test "${PBX_FREETDS}" != "0";

179
include/asterisk/aes.h
Unescape View File

@ -1,170 +1,65 @@
/*
* Asterisk -- An open source telephony toolkit.
*
* Copyright (C) 20075, Digium, Inc.
*
* Kevin P. Fleming <kpfleming@digium.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 26/08/2003
*/
/*!\file
\brief This file contains the definitions required to use AES in C. See aesopt.h
for optimisation details.
*/
#ifndef _AES_H
#define _AES_H
/* This include is used to find 8 & 32 bit unsigned integer types */
#include "limits.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#define AES_128 /* define if AES with 128 bit keys is needed */
#undef AES_192 /* define if AES with 192 bit keys is needed */
#undef AES_256 /* define if AES with 256 bit keys is needed */
#undef AES_VAR /* define if a variable key size is needed */
/* The following must also be set in assembler files if being used */
#define AES_ENCRYPT /* if support for encryption is needed */
#define AES_DECRYPT /* if support for decryption is needed */
#define AES_ERR_CHK /* for parameter checks & error return codes */
#if UCHAR_MAX == 0xff /* an unsigned 8 bit type */
typedef unsigned char aes_08t;
#else
#error Please define aes_08t as an 8-bit unsigned integer type in aes.h
#endif
#if UINT_MAX == 0xffffffff /* an unsigned 32 bit type */
typedef unsigned int aes_32t;
#elif ULONG_MAX == 0xffffffff
typedef unsigned long aes_32t;
#else
#error Please define aes_32t as a 32-bit unsigned integer type in aes.h
#endif
#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */
#define N_COLS 4 /* the number of columns in the state */
/* a maximum of 60 32-bit words are needed for the key schedule but */
/* 64 are claimed to allow space at the top for a CBC xor buffer. */
/* If this is not needed, this value can be reduced to 60. A value */
/* of 64 may also help in maintaining alignment in some situations */
#define KS_LENGTH 64
#ifdef AES_ERR_CHK
#define aes_ret int
#define aes_good 0
#define aes_error -1
#else
#define aes_ret void
#endif
#ifndef AES_DLL /* implement normal/DLL functions */
#define aes_rval aes_ret
#else
#define aes_rval aes_ret __declspec(dllexport) _stdcall
#endif
/*! \file
* \brief Wrappers for AES encryption/decryption
*
* These wrappers provided a generic interface to either the
* AES methods provided by OpenSSL's crypto library, or the
* AES implementation included with Asterisk.
*/
/* This routine must be called before first use if non-static */
/* tables are being used */
#ifndef _ASTERISK_AES_H
#define _ASTERISK_AES_H
void gen_tabs(void);
#ifdef HAVE_CRYPTO
/* The key length (klen) is input in bytes when it is in the range */
/* 16 <= klen <= 32 or in bits when in the range 128 <= klen <= 256 */
/* Use the OpenSSL crypto library */
#include "openssl/aes.h"
#ifdef AES_ENCRYPT
typedef AES_KEY ast_aes_encrypt_key;
typedef AES_KEY ast_aes_decrypt_key;
typedef struct
{ aes_32t ks[KS_LENGTH];
} aes_encrypt_ctx;
#define ast_aes_encrypt_key(key, context) AES_set_encrypt_key(key, 1024, context)
#if defined(AES_128) || defined(AES_VAR)
aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]);
#endif
#define ast_aes_decrypt_key(key, context) AES_set_decrypt_key(key, 1024, context)
#if defined(AES_192) || defined(AES_VAR)
aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]);
#endif
#define ast_aes_encrypt(in, out, context) AES_encrypt(in, out, context)
#if defined(AES_256) || defined(AES_VAR)
aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]);
#endif
#define ast_aes_decrypt(in, out, context) AES_decrypt(in, out, context)
#if defined(AES_VAR)
aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]);
#endif
aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]);
#endif
#else /* !HAVE_CRYPTO */
#ifdef AES_DECRYPT
/* Use the included AES implementation */
typedef struct
{ aes_32t ks[KS_LENGTH];
} aes_decrypt_ctx;
#include "aes_internal.h"
#if defined(AES_128) || defined(AES_VAR)
aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]);
#endif
typedef aes_encrypt_ctx ast_aes_encrypt_key;
typedef aes_decrypt_ctx ast_aes_decrypt_key;
#if defined(AES_192) || defined(AES_VAR)
aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]);
#endif
#define ast_aes_encrypt_key(key, context) aes_encrypt_key128(key, context)
#if defined(AES_256) || defined(AES_VAR)
aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]);
#endif
#define ast_aes_decrypt_key(key, context) aes_decrypt_key128(key, context)
#if defined(AES_VAR)
aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]);
#endif
#define ast_aes_encrypt(in, out, context) aes_encrypt(in, out, context)
aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]);
#endif
#define ast_aes_decrypt(in, out, context) aes_decrypt(in, out, context)
#if defined(__cplusplus)
}
#endif
#endif /* !HAVE_CRYPTO */
#endif
#endif /* _ASTERISK_AES_H */

170
include/asterisk/aes_internal.h
Unescape View File

@ -0,0 +1,170 @@
/*
* Asterisk -- An open source telephony toolkit.
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*/
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 26/08/2003
*/
/*!\file
\brief This file contains the definitions required to use AES in C. See aesopt.h
for optimisation details.
*/
#ifndef _AES_INTERNAL_H
#define _AES_INTERNAL_H
/* This include is used to find 8 & 32 bit unsigned integer types */
#include "limits.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#define AES_128 /* define if AES with 128 bit keys is needed */
#undef AES_192 /* define if AES with 192 bit keys is needed */
#undef AES_256 /* define if AES with 256 bit keys is needed */
#undef AES_VAR /* define if a variable key size is needed */
/* The following must also be set in assembler files if being used */
#define AES_ENCRYPT /* if support for encryption is needed */
#define AES_DECRYPT /* if support for decryption is needed */
#define AES_ERR_CHK /* for parameter checks & error return codes */
#if UCHAR_MAX == 0xff /* an unsigned 8 bit type */
typedef unsigned char aes_08t;
#else
#error Please define aes_08t as an 8-bit unsigned integer type in aes.h
#endif
#if UINT_MAX == 0xffffffff /* an unsigned 32 bit type */
typedef unsigned int aes_32t;
#elif ULONG_MAX == 0xffffffff
typedef unsigned long aes_32t;
#else
#error Please define aes_32t as a 32-bit unsigned integer type in aes.h
#endif
#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */
#define N_COLS 4 /* the number of columns in the state */
/* a maximum of 60 32-bit words are needed for the key schedule but */
/* 64 are claimed to allow space at the top for a CBC xor buffer. */
/* If this is not needed, this value can be reduced to 60. A value */
/* of 64 may also help in maintaining alignment in some situations */
#define KS_LENGTH 64
#ifdef AES_ERR_CHK
#define aes_ret int
#define aes_good 0
#define aes_error -1
#else
#define aes_ret void
#endif
#ifndef AES_DLL /* implement normal/DLL functions */
#define aes_rval aes_ret
#else
#define aes_rval aes_ret __declspec(dllexport) _stdcall
#endif
/* This routine must be called before first use if non-static */
/* tables are being used */
void gen_tabs(void);
/* The key length (klen) is input in bytes when it is in the range */
/* 16 <= klen <= 32 or in bits when in the range 128 <= klen <= 256 */
#ifdef AES_ENCRYPT
typedef struct
{ aes_32t ks[KS_LENGTH];
} aes_encrypt_ctx;
#if defined(AES_128) || defined(AES_VAR)
aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_192) || defined(AES_VAR)
aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_256) || defined(AES_VAR)
aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_VAR)
aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]);
#endif
aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]);
#endif
#ifdef AES_DECRYPT
typedef struct
{ aes_32t ks[KS_LENGTH];
} aes_decrypt_ctx;
#if defined(AES_128) || defined(AES_VAR)
aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_192) || defined(AES_VAR)
aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_256) || defined(AES_VAR)
aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_VAR)
aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]);
#endif
aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]);
#endif
#if defined(__cplusplus)
}
#endif
#endif

6
include/asterisk/autoconfig.h.in
Unescape View File

@ -77,6 +77,12 @@
/* Define to 1 if your system has a working `chown' function. */
#undef HAVE_CHOWN
/* Define this to indicate the ${CRYPTO_DESCRIP} library */
#undef HAVE_CRYPTO
/* Define to indicate the ${CRYPTO_DESCRIP} library version */
#undef HAVE_CRYPTO_VERSION
/* Define if your system has the curl libraries. */
#undef HAVE_CURL

8
main/aescrypt.c
Unescape View File

@ -42,13 +42,15 @@
* \author Dr Brian Gladman <brg@gladman.me.uk>
*/
#include "aesopt.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#ifndef HAVE_CRYPTO
#include "aesopt.h"
#define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c])
#define so(y,x,c) word_out(y, c, s(x,c))
@ -312,6 +314,8 @@ aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx
#endif
#endif /* !HAVE_CRYPTO */
#if defined(__cplusplus)
}
#endif

8
main/aeskey.c
Unescape View File

@ -41,13 +41,15 @@
* \author Dr Brian Gladman <brg@gladman.me.uk>
*/
#include "aesopt.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#ifndef HAVE_CRYPTO
#include "aesopt.h"
/* Initialise the key schedule from the user supplied key. The key
length can be specified in bytes, with legal values of 16, 24
and 32, or in bits, with legal values of 128, 192 and 256. These
@ -464,6 +466,8 @@ aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1])
#endif
#endif /* !HAVE_CRYPTO */
#if defined(__cplusplus)
}
#endif

4
main/aestab.c
Unescape View File

@ -37,6 +37,8 @@ extern "C"
{
#endif
#ifndef HAVE_CRYPTO
#define DO_TABLES
#include "aesopt.h"
@ -226,6 +228,8 @@ void gen_tabs(void)
#endif
#endif /* !HAVE_CRYPTO */
#if defined(__cplusplus)
}
#endif

3
makeopts.in
Unescape View File

@ -151,6 +151,9 @@ SQLITE3_LIB=@SQLITE3_LIB@
SSL_INCLUDE=@OPENSSL_INCLUDE@
SSL_LIB=@OPENSSL_LIB@
CRYPTO_INCLUDE=@CRYPTO_INCLUDE@
CRYPTO_LIB=@CRYPTO_LIB@
TONEZONE_INCLUDE=@TONEZONE_INCLUDE@
TONEZONE_LIB=@TONEZONE_LIB@

29
pbx/pbx_dundi.c
Unescape View File

@ -24,6 +24,7 @@
/*** MODULEINFO
<depend>zlib</depend>
<use>crypto</use>
***/
#include "asterisk.h"
@ -173,8 +174,8 @@ struct dundi_transaction {
int eidcount; /*!< Number of eids in eids */
dundi_eid us_eid; /*!< Our EID, to them */
dundi_eid them_eid; /*!< Their EID, to us */
aes_encrypt_ctx ecx; /*!< AES 128 Encryption context */
aes_decrypt_ctx dcx; /*!< AES 128 Decryption context */
ast_aes_encrypt_key ecx; /*!< AES 128 Encryption context */
ast_aes_decrypt_key dcx; /*!< AES 128 Decryption context */
unsigned int flags; /*!< Has final packet been sent */
int ttl; /*!< Remaining TTL for queries on this one */
int thread; /*!< We have a calling thread */
@ -240,11 +241,11 @@ struct dundi_peer {
unsigned char txenckey[256]; /*!< Transmitted encrypted key + sig */
unsigned char rxenckey[256]; /*!< Cache received encrypted key + sig */
unsigned long us_keycrc32; /*!< CRC-32 of our key */
aes_encrypt_ctx us_ecx; /*!< Cached AES 128 Encryption context */
aes_decrypt_ctx us_dcx; /*!< Cached AES 128 Decryption context */
ast_aes_encrypt_key us_ecx; /*!< Cached AES 128 Encryption context */
ast_aes_decrypt_key us_dcx; /*!< Cached AES 128 Decryption context */
unsigned long them_keycrc32; /*!< CRC-32 of our key */
aes_encrypt_ctx them_ecx; /*!< Cached AES 128 Encryption context */
aes_decrypt_ctx them_dcx; /*!< Cached AES 128 Decryption context */
ast_aes_encrypt_key them_ecx; /*!< Cached AES 128 Encryption context */
ast_aes_decrypt_key them_dcx; /*!< Cached AES 128 Decryption context */
time_t keyexpire; /*!< When to expire/recreate key */
int registerexpire;
int lookuptimes[DUNDI_TIMING_HISTORY];
@ -1300,8 +1301,8 @@ static int update_key(struct dundi_peer *peer)
int res;
if (!peer->keyexpire || (peer->keyexpire < time(NULL))) {
build_iv(key);
aes_encrypt_key128(key, &peer->us_ecx);
aes_decrypt_key128(key, &peer->us_dcx);
ast_aes_encrypt_key(key, &peer->us_ecx);
ast_aes_decrypt_key(key, &peer->us_dcx);
ekey = ast_key_get(peer->inkey, AST_KEY_PUBLIC);
if (!ekey) {
ast_log(LOG_NOTICE, "No such key '%s' for creating RSA encrypted shared key for '%s'!\n",
@ -1331,7 +1332,7 @@ static int update_key(struct dundi_peer *peer)
return 0;
}
static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, aes_encrypt_ctx *ecx)
static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, ast_aes_encrypt_key *ecx)
{
unsigned char curblock[16];
int x;
@ -1339,7 +1340,7 @@ static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsig
while(len > 0) {
for (x=0;x<16;x++)
curblock[x] ^= src[x];
aes_encrypt(curblock, dst, ecx);
ast_aes_encrypt(curblock, dst, ecx);
memcpy(curblock, dst, sizeof(curblock));
dst += 16;
src += 16;
@ -1347,13 +1348,13 @@ static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsig
}
return 0;
}
static int decrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, aes_decrypt_ctx *dcx)
static int decrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, ast_aes_decrypt_key *dcx)
{
unsigned char lastblock[16];
int x;
memcpy(lastblock, iv, sizeof(lastblock));
while(len > 0) {
aes_decrypt(src, dst, dcx);
ast_aes_decrypt(src, dst, dcx);
for (x=0;x<16;x++)
dst[x] ^= lastblock[x];
memcpy(lastblock, src, sizeof(lastblock));
@ -1507,8 +1508,8 @@ static int check_key(struct dundi_peer *peer, unsigned char *newkey, unsigned ch
memcpy(peer->rxenckey, newkey, 128);
memcpy(peer->rxenckey + 128, newsig, 128);
peer->them_keycrc32 = crc32(0L, peer->rxenckey, 128);
aes_decrypt_key128(dst, &peer->them_dcx);
aes_encrypt_key128(dst, &peer->them_ecx);
ast_aes_decrypt_key(dst, &peer->them_dcx);
ast_aes_encrypt_key(dst, &peer->them_ecx);
return 1;
}

Write Preview
Loading…
Cancel
Save