<p>N A has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/15934">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">chan_iax2: Add RSA encryption<br><br>Adds support for RSA encryption to IAX2.<br>Also prevents crashes if an IAX2 call is<br>initiated to a switch requiring RSA encryption<br>but no secret is provided.<br><br>ASTERISK-29264<br><br>Change-Id: I18f1f9d7c59b4f9cffa00f3b94a4c875846efd40<br>---<br>M channels/chan_iax2.c<br>1 file changed, 16 insertions(+), 4 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/34/15934/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c</span><br><span>index 3d8cd72..26b0d23 100644</span><br><span>--- a/channels/chan_iax2.c</span><br><span>+++ b/channels/chan_iax2.c</span><br><span>@@ -5124,7 +5124,7 @@</span><br><span>                       ast_channel_hangupcause_set(c, AST_CAUSE_BEARERCAPABILITY_NOTAVAIL);</span><br><span>                         return -1;</span><br><span>           }</span><br><span style="color: hsl(0, 100%, 40%);">-               if (((cai.authmethods & IAX_AUTH_MD5) || (cai.authmethods & IAX_AUTH_PLAINTEXT)) &&</span><br><span style="color: hsl(120, 100%, 40%);">+           if (((cai.authmethods & IAX_AUTH_RSA) || (cai.authmethods & IAX_AUTH_MD5) || (cai.authmethods & IAX_AUTH_PLAINTEXT)) &&</span><br><span>                  ast_strlen_zero(cai.secret) && ast_strlen_zero(pds.password)) {</span><br><span>                      ast_log(LOG_WARNING, "Call terminated. Encryption forced but no secret provided\n");</span><br><span>                       return -1;</span><br><span>@@ -8374,6 +8374,18 @@</span><br><span>                                  res = 0;</span><br><span>                             }</span><br><span>                    }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+                   if (pvt && !ast_strlen_zero(secret)) {</span><br><span style="color: hsl(120, 100%, 40%);">+                                struct MD5Context md5;</span><br><span style="color: hsl(120, 100%, 40%);">+                                unsigned char digest[16];</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+                           MD5Init(&md5);</span><br><span style="color: hsl(120, 100%, 40%);">+                            MD5Update(&md5, (unsigned char *) challenge, strlen(challenge));</span><br><span style="color: hsl(120, 100%, 40%);">+                          MD5Update(&md5, (unsigned char *) secret, strlen(secret));</span><br><span style="color: hsl(120, 100%, 40%);">+                                MD5Final(digest, &md5);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+                         build_encryption_keys(digest, pvt);</span><br><span style="color: hsl(120, 100%, 40%);">+                   }</span><br><span>            }</span><br><span>    }</span><br><span>    /* Fall back */</span><br><span>@@ -8485,7 +8497,7 @@</span><br><span> </span><br><span>  if (ies->encmethods) {</span><br><span>            if (ast_strlen_zero(p->secret) &&</span><br><span style="color: hsl(0, 100%, 40%);">-                    ((ies->authmethods & IAX_AUTH_MD5) || (ies->authmethods & IAX_AUTH_PLAINTEXT))) {</span><br><span style="color: hsl(120, 100%, 40%);">+                       ((ies->authmethods & IAX_AUTH_RSA) || (ies->authmethods & IAX_AUTH_MD5) || (ies->authmethods & IAX_AUTH_PLAINTEXT))) {</span><br><span>                  ast_log(LOG_WARNING, "Call terminated. Encryption requested by peer but no secret available locally\n");</span><br><span>                   return -1;</span><br><span>           }</span><br><span>@@ -10942,8 +10954,8 @@</span><br><span>                                  }</span><br><span>                                    break;</span><br><span>                               }</span><br><span style="color: hsl(0, 100%, 40%);">-                               if (iaxs[fr->callno]->authmethods & IAX_AUTH_MD5)</span><br><span style="color: hsl(0, 100%, 40%);">-                                     merge_encryption(iaxs[fr->callno],ies.encmethods);</span><br><span style="color: hsl(120, 100%, 40%);">+                         if (iaxs[fr->callno]->authmethods & (IAX_AUTH_MD5 | IAX_AUTH_RSA))</span><br><span style="color: hsl(120, 100%, 40%);">+                                  merge_encryption(iaxs[fr->callno], ies.encmethods);</span><br><span>                               else</span><br><span>                                         iaxs[fr->callno]->encmethods = 0;</span><br><span>                              if (!authenticate_request(fr->callno) && iaxs[fr->callno])</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/15934">change 15934</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/15934"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 16 </div>
<div style="display:none"> Gerrit-Change-Id: I18f1f9d7c59b4f9cffa00f3b94a4c875846efd40 </div>
<div style="display:none"> Gerrit-Change-Number: 15934 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: N A <mail@interlinked.x10host.com> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>