[asterisk-commits] kpfleming: trunk r66071 - in /trunk: ./
build_tools/ channels/ include/asteri...
asterisk-commits at lists.digium.com
asterisk-commits at lists.digium.com
Thu May 24 15:07:50 MST 2007
Author: kpfleming
Date: Thu May 24 17:07:50 2007
New Revision: 66071
URL: http://svn.digium.com/view/asterisk?view=rev&rev=66071
Log:
use the OpenSSL AES implementation if it's available (unless configured not to)
Added:
trunk/include/asterisk/aes.h (with props)
trunk/include/asterisk/aes_internal.h
- copied, changed from r65968, trunk/include/asterisk/aes.h
Modified:
trunk/build_tools/menuselect-deps.in
trunk/channels/chan_iax2.c
trunk/configure
trunk/configure.ac
trunk/include/asterisk/autoconfig.h.in
trunk/main/aescrypt.c
trunk/main/aeskey.c
trunk/main/aestab.c
trunk/makeopts.in
trunk/pbx/pbx_dundi.c
Modified: trunk/build_tools/menuselect-deps.in
URL: http://svn.digium.com/view/asterisk/trunk/build_tools/menuselect-deps.in?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/build_tools/menuselect-deps.in (original)
+++ trunk/build_tools/menuselect-deps.in Thu May 24 17:07:50 2007
@@ -26,6 +26,7 @@
SQLITE=@PBX_SQLITE@
SQLITE3=@PBX_SQLITE3@
SSL=@PBX_OPENSSL@
+CRYPTO=@PBX_CRYPTO@
TONEZONE=@PBX_TONEZONE@
UNIXODBC=@PBX_UNIXODBC@
VORBIS=@PBX_VORBIS@
Modified: trunk/channels/chan_iax2.c
URL: http://svn.digium.com/view/asterisk/trunk/channels/chan_iax2.c?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/channels/chan_iax2.c (original)
+++ trunk/channels/chan_iax2.c Thu May 24 17:07:50 2007
@@ -30,6 +30,7 @@
/*** MODULEINFO
<use>zaptel</use>
+ <use>crypto</use>
***/
#include "asterisk.h"
@@ -594,9 +595,9 @@
/*! permitted encryption methods */
int encmethods;
/*! Encryption AES-128 Key */
- aes_encrypt_ctx ecx;
+ ast_aes_encrypt_key ecx;
/*! Decryption AES-128 Key */
- aes_decrypt_ctx dcx;
+ ast_aes_decrypt_key dcx;
/*! 32 bytes of semi-random data */
unsigned char semirand[32];
/*! Associated registry */
@@ -615,8 +616,8 @@
struct sockaddr_in transfer;
/*! What's the new call number for the transfer */
unsigned short transfercallno;
- /*! Transfer decrypt AES-128 Key */
- aes_encrypt_ctx tdcx;
+ /*! Transfer encrypt AES-128 Key */
+ ast_aes_encrypt_key tdcx;
/*! Status of knowledge of peer ADSI capability */
int peeradsicpe;
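Review bot: The field keeps the name `tdcx`, which mirrors `dcx` (the decrypt key) in the struct above, while its comment is changed to "Transfer encrypt" to match the declared type, so the declaration still does not say which direction the key is used in. This matters more after this commit: under `HAVE_CRYPTO`, asterisk/aes.h makes both `ast_aes_encrypt_key` and `ast_aes_decrypt_key` typedefs of `AES_KEY`, so the compiler no longer rejects an encrypt schedule handed to a decrypt routine. The uses of `tdcx` are outside this hunk; please confirm how it is keyed and consumed, then either rename it or state the reason on the declaration.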
@@ -3804,13 +3805,13 @@
return 0;
}
-static void build_enc_keys(const unsigned char *digest, aes_encrypt_ctx *ecx, aes_decrypt_ctx *dcx)
-{
- aes_encrypt_key128(digest, ecx);
- aes_decrypt_key128(digest, dcx);
-}
-
-static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len, aes_decrypt_ctx *dcx)
+static void build_enc_keys(const unsigned char *digest, ast_aes_encrypt_key *ecx, ast_aes_decrypt_key *dcx)
+{
+ ast_aes_encrypt_key(digest, ecx);
+ ast_aes_decrypt_key(digest, dcx);
+}
+
+static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len, ast_aes_decrypt_key *dcx)
{
#if 0
/* Debug with "fake encryption" */
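Review bot: `build_enc_keys` stays `void` and discards the result of both key-setup macros, which matters now that the OpenSSL variants in asterisk/aes.h expand to `AES_set_encrypt_key` and `AES_set_decrypt_key`, both of which return an int status. A failed setup would leave `ecx` and `dcx` unusable while frame encryption carries on as if they were keyed. Consider testing the result and logging or failing the authentication step, or documenting on the wrapper that key setup cannot fail; the return type of the bundled `aes_encrypt_key128` is not visible here, so check that both back ends agree. The same unchecked calls appear in the pbx_dundi.c hunks at -1300 and -1507. The body of `memcpy_decrypt` continues outside this hunk.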
@@ -3823,7 +3824,7 @@
unsigned char lastblock[16] = { 0 };
int x;
while(len > 0) {
- aes_decrypt(src, dst, dcx);
+ ast_aes_decrypt(src, dst, dcx);
for (x=0;x<16;x++)
dst[x] ^= lastblock[x];
memcpy(lastblock, src, sizeof(lastblock));
@@ -3834,7 +3835,7 @@
#endif
}
-static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len, aes_encrypt_ctx *ecx)
+static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len, ast_aes_encrypt_key *ecx)
{
#if 0
/* Debug with "fake encryption" */
@@ -3849,7 +3850,7 @@
while(len > 0) {
for (x=0;x<16;x++)
curblock[x] ^= src[x];
- aes_encrypt(curblock, dst, ecx);
+ ast_aes_encrypt(curblock, dst, ecx);
memcpy(curblock, dst, sizeof(curblock));
dst += 16;
src += 16;
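Review bot: The CBC loop advances `dst` and `src` by 16 per pass while the only guard visible is `while(len > 0)`, so a `len` that is not a multiple of 16 would make the final `ast_aes_encrypt` call read and write a full block beyond the caller's buffer. The length update and the callers' checks lie outside this hunk, so this may already be guaranteed upstream. If it is, say so on the function with a comment such as `/* len must be a multiple of 16; callers pad before calling */`; otherwise add `if (len % 16) return;` ahead of the loop. The same applies to `memcpy_decrypt` above and to `encrypt_memcpy` and `decrypt_memcpy` in pbx_dundi.c, where the decrypt side presumably handles data taken from the network.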
@@ -3858,7 +3859,7 @@
#endif
}
-static int decode_frame(aes_decrypt_ctx *dcx, struct ast_iax2_full_hdr *fh, struct ast_frame *f, int *datalen)
+static int decode_frame(ast_aes_decrypt_key *dcx, struct ast_iax2_full_hdr *fh, struct ast_frame *f, int *datalen)
{
int padding;
unsigned char *workspace;
@@ -3903,7 +3904,7 @@
return 0;
}
-static int encrypt_frame(aes_encrypt_ctx *ecx, struct ast_iax2_full_hdr *fh, unsigned char *poo, int *datalen)
+static int encrypt_frame(ast_aes_encrypt_key *ecx, struct ast_iax2_full_hdr *fh, unsigned char *poo, int *datalen)
{
int padding;
unsigned char *workspace;
@@ -5262,7 +5263,7 @@
}
-static int authenticate(const char *challenge, const char *secret, const char *keyn, int authmethods, struct iax_ie_data *ied, struct sockaddr_in *sin, aes_encrypt_ctx *ecx, aes_decrypt_ctx *dcx)
+static int authenticate(const char *challenge, const char *secret, const char *keyn, int authmethods, struct iax_ie_data *ied, struct sockaddr_in *sin, ast_aes_encrypt_key *ecx, ast_aes_decrypt_key *dcx)
{
int res = -1;
int x;
Modified: trunk/configure
URL: http://svn.digium.com/view/asterisk/trunk/configure?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/configure (original)
+++ trunk/configure Thu May 24 17:07:50 2007
@@ -737,6 +737,10 @@
CURSES_INCLUDE
CURSES_DIR
PBX_CURSES
+CRYPTO_LIB
+CRYPTO_INCLUDE
+CRYPTO_DIR
+PBX_CRYPTO
GNUTLS_LIB
GNUTLS_INCLUDE
GNUTLS_DIR
@@ -1521,6 +1525,7 @@
--with-cap=PATH use POSIX 1.e capabilities files in PATH
--with-curl=PATH use cURL files in PATH
--with-curses=PATH use curses files in PATH
+ --with-crypto=PATH use OpenSSL Cryptography Support files in PATH
--with-gnutls=PATH use GNU TLS support (used for iksemel only) files in
PATH
--with-gsm=PATH use GSM files in PATH , or 'internal'
@@ -7778,6 +7783,34 @@
fi
PBX_CURSES=0
+
+
+
+
+
+
+CRYPTO_DESCRIP="OpenSSL Cryptography Support"
+CRYPTO_OPTION="crypto"
+
+# Check whether --with-crypto was given.
+if test "${with_crypto+set}" = set; then
+ withval=$with_crypto;
+case ${withval} in
+ n|no)
+ USE_CRYPTO=no
+ ;;
+ y|ye|yes)
+ ac_mandatory_list="${ac_mandatory_list} CRYPTO"
+ ;;
+ *)
+ CRYPTO_DIR="${withval}"
+ ac_mandatory_list="${ac_mandatory_list} CRYPTO"
+ ;;
+esac
+
+fi
+
+PBX_CRYPTO=0
@@ -29239,6 +29272,399 @@
+if test "x${PBX_CRYPTO}" != "x1" -a "${USE_CRYPTO}" != "no"; then
+ pbxlibdir=""
+ if test "x${CRYPTO_DIR}" != "x"; then
+ if test -d ${CRYPTO_DIR}/lib; then
+ pbxlibdir="-L${CRYPTO_DIR}/lib"
+ else
+ pbxlibdir="-L${CRYPTO_DIR}"
+ fi
+ fi
+ pbxfuncname="AES_encrypt"
+ if test "x${pbxfuncname}" = "x" ; then # empty lib, assume only headers
+ AST_CRYPTO_FOUND=yes
+ else
+ as_ac_Lib=`echo "ac_cv_lib_crypto_${pbxfuncname}" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for ${pbxfuncname} in -lcrypto" >&5
+echo $ECHO_N "checking for ${pbxfuncname} in -lcrypto... $ECHO_C" >&6; }
+if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto ${pbxlibdir} $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ${pbxfuncname} ();
+int
+main ()
+{
+return ${pbxfuncname} ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ eval "$as_ac_Lib=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ eval "$as_ac_Lib=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+ac_res=`eval echo '${'$as_ac_Lib'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Lib'}'` = yes; then
+ AST_CRYPTO_FOUND=yes
+else
+ AST_CRYPTO_FOUND=no
+fi
+
+ fi
+
+ if test "${AST_CRYPTO_FOUND}" = "yes"; then
+ CRYPTO_LIB="-lcrypto "
+ CRYPTO_HEADER_FOUND="1"
+ if test "x${CRYPTO_DIR}" != "x"; then
+ CRYPTO_LIB="${pbxlibdir} ${CRYPTO_LIB}"
+ CRYPTO_INCLUDE="-I${CRYPTO_DIR}/include"
+ saved_cppflags="${CPPFLAGS}"
+ CPPFLAGS="${CPPFLAGS} -I${CRYPTO_DIR}/include"
+ if test "xopenssl/aes.h" != "x" ; then
+ as_ac_Header=`echo "ac_cv_header_${CRYPTO_DIR}/include/openssl/aes.h" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ { echo "$as_me:$LINENO: checking for ${CRYPTO_DIR}/include/openssl/aes.h" >&5
+echo $ECHO_N "checking for ${CRYPTO_DIR}/include/openssl/aes.h... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ echo "$as_me:$LINENO: checking ${CRYPTO_DIR}/include/openssl/aes.h usability" >&5
+echo $ECHO_N "checking ${CRYPTO_DIR}/include/openssl/aes.h usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <${CRYPTO_DIR}/include/openssl/aes.h>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking ${CRYPTO_DIR}/include/openssl/aes.h presence" >&5
+echo $ECHO_N "checking ${CRYPTO_DIR}/include/openssl/aes.h presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <${CRYPTO_DIR}/include/openssl/aes.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: present but cannot be compiled" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: in the future, the compiler will take precedence" >&2;}
+
+ ;;
+esac
+{ echo "$as_me:$LINENO: checking for ${CRYPTO_DIR}/include/openssl/aes.h" >&5
+echo $ECHO_N "checking for ${CRYPTO_DIR}/include/openssl/aes.h... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ CRYPTO_HEADER_FOUND=1
+else
+ CRYPTO_HEADER_FOUND=0
+fi
+
+
+ fi
+ CPPFLAGS="${saved_cppflags}"
+ else
+ if test "xopenssl/aes.h" != "x" ; then
+ if test "${ac_cv_header_openssl_aes_h+set}" = set; then
+ { echo "$as_me:$LINENO: checking for openssl/aes.h" >&5
+echo $ECHO_N "checking for openssl/aes.h... $ECHO_C" >&6; }
+if test "${ac_cv_header_openssl_aes_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_openssl_aes_h" >&5
+echo "${ECHO_T}$ac_cv_header_openssl_aes_h" >&6; }
+else
+ # Is the header compilable?
+{ echo "$as_me:$LINENO: checking openssl/aes.h usability" >&5
+echo $ECHO_N "checking openssl/aes.h usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <openssl/aes.h>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking openssl/aes.h presence" >&5
+echo $ECHO_N "checking openssl/aes.h presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <openssl/aes.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: openssl/aes.h: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: openssl/aes.h: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: openssl/aes.h: present but cannot be compiled" >&5
+echo "$as_me: WARNING: openssl/aes.h: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: openssl/aes.h: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: openssl/aes.h: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: openssl/aes.h: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: openssl/aes.h: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: openssl/aes.h: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: openssl/aes.h: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: openssl/aes.h: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: openssl/aes.h: in the future, the compiler will take precedence" >&2;}
+
+ ;;
+esac
+{ echo "$as_me:$LINENO: checking for openssl/aes.h" >&5
+echo $ECHO_N "checking for openssl/aes.h... $ECHO_C" >&6; }
+if test "${ac_cv_header_openssl_aes_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_header_openssl_aes_h=$ac_header_preproc
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_openssl_aes_h" >&5
+echo "${ECHO_T}$ac_cv_header_openssl_aes_h" >&6; }
+
+fi
+if test $ac_cv_header_openssl_aes_h = yes; then
+ CRYPTO_HEADER_FOUND=1
+else
+ CRYPTO_HEADER_FOUND=0
+fi
+
+
+ fi
+ fi
+ if test "x${CRYPTO_HEADER_FOUND}" = "x0" ; then
+ CRYPTO_LIB=""
+ CRYPTO_INCLUDE=""
+ else
+ if test "x${pbxfuncname}" = "x" ; then # only checking headers -> no library
+ CRYPTO_LIB=""
+ fi
+ PBX_CRYPTO=1
+ # XXX don't know how to evaluate the description (third argument) in AC_DEFINE_UNQUOTED
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_CRYPTO 1
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_CRYPTO_VERSION
+_ACEOF
+
+ fi
+ fi
+fi
+
+
+if test "${PBX_CRYPTO}" != "0";
+then
+
if test "x${PBX_OPENSSL}" != "x1" -a "${USE_OPENSSL}" != "no"; then
pbxlibdir=""
if test "x${OPENSSL_DIR}" != "x"; then
@@ -29628,6 +30054,7 @@
fi
fi
+fi
if test "x${PBX_FREETDS}" != "x1" -a "${USE_FREETDS}" != "no"; then
@@ -35694,6 +36121,10 @@
CURSES_INCLUDE!$CURSES_INCLUDE$ac_delim
CURSES_DIR!$CURSES_DIR$ac_delim
PBX_CURSES!$PBX_CURSES$ac_delim
+CRYPTO_LIB!$CRYPTO_LIB$ac_delim
+CRYPTO_INCLUDE!$CRYPTO_INCLUDE$ac_delim
+CRYPTO_DIR!$CRYPTO_DIR$ac_delim
+PBX_CRYPTO!$PBX_CRYPTO$ac_delim
GNUTLS_LIB!$GNUTLS_LIB$ac_delim
GNUTLS_INCLUDE!$GNUTLS_INCLUDE$ac_delim
GNUTLS_DIR!$GNUTLS_DIR$ac_delim
@@ -35766,10 +36197,6 @@
PRI_INCLUDE!$PRI_INCLUDE$ac_delim
PRI_DIR!$PRI_DIR$ac_delim
PBX_PRI!$PBX_PRI$ac_delim
-SS7_LIB!$SS7_LIB$ac_delim
-SS7_INCLUDE!$SS7_INCLUDE$ac_delim
-SS7_DIR!$SS7_DIR$ac_delim
-PBX_SS7!$PBX_SS7$ac_delim
_ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -35811,6 +36238,10 @@
ac_delim='%!_!# '
for ac_last_try in false false false false false :; do
cat >conf$$subs.sed <<_ACEOF
+SS7_LIB!$SS7_LIB$ac_delim
+SS7_INCLUDE!$SS7_INCLUDE$ac_delim
+SS7_DIR!$SS7_DIR$ac_delim
+PBX_SS7!$PBX_SS7$ac_delim
PWLIB_LIB!$PWLIB_LIB$ac_delim
PWLIB_INCLUDE!$PWLIB_INCLUDE$ac_delim
PWLIB_DIR!$PWLIB_DIR$ac_delim
@@ -35904,10 +36335,6 @@
PWLIB_PLATFORM!$PWLIB_PLATFORM$ac_delim
OPENH323DIR!$OPENH323DIR$ac_delim
OPENH323_INCDIR!$OPENH323_INCDIR$ac_delim
-OPENH323_LIBDIR!$OPENH323_LIBDIR$ac_delim
-OPENH323_SUFFIX!$OPENH323_SUFFIX$ac_delim
-OPENH323_BUILD!$OPENH323_BUILD$ac_delim
-QTMOC!$QTMOC$ac_delim
_ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -35949,6 +36376,10 @@
ac_delim='%!_!# '
for ac_last_try in false false false false false :; do
cat >conf$$subs.sed <<_ACEOF
+OPENH323_LIBDIR!$OPENH323_LIBDIR$ac_delim
+OPENH323_SUFFIX!$OPENH323_SUFFIX$ac_delim
+OPENH323_BUILD!$OPENH323_BUILD$ac_delim
+QTMOC!$QTMOC$ac_delim
EDITLINE_LIB!$EDITLINE_LIB$ac_delim
PBX_H323!$PBX_H323$ac_delim
PBX_IXJUSER!$PBX_IXJUSER$ac_delim
@@ -35964,7 +36395,7 @@
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 13; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 17; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
Modified: trunk/configure.ac
URL: http://svn.digium.com/view/asterisk/trunk/configure.ac?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/configure.ac (original)
+++ trunk/configure.ac Thu May 24 17:07:50 2007
@@ -186,6 +186,7 @@
AST_EXT_LIB_SETUP([CAP], [POSIX 1.e capabilities], [cap])
AST_EXT_LIB_SETUP([CURL], [cURL], [curl])
AST_EXT_LIB_SETUP([CURSES], [curses], [curses])
+AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography Support], [crypto])
AST_EXT_LIB_SETUP([GNUTLS], [GNU TLS support (used for iksemel only)], [gnutls])
AST_EXT_LIB_SETUP([GSM], [GSM], [gsm], [, or 'internal'])
AST_EXT_LIB_SETUP([IKSEMEL], [Iksemel Jabber Library], [iksemel])
@@ -846,7 +847,12 @@
AST_EXT_LIB_CHECK([SQLITE3], [sqlite3], [sqlite3_open], [sqlite3.h])
-AST_EXT_LIB_CHECK([OPENSSL], [ssl], [ssl2_connect], [openssl/ssl.h], [-lcrypto])
+AST_EXT_LIB_CHECK([CRYPTO], [crypto], [AES_encrypt], [openssl/aes.h])
+
+if test "${PBX_CRYPTO}" != "0";
+then
+ AST_EXT_LIB_CHECK([OPENSSL], [ssl], [ssl2_connect], [openssl/ssl.h], [-lcrypto])
+fi
AST_EXT_LIB_CHECK([FREETDS], [tds], [tds_version], [tds.h])
if test "${PBX_FREETDS}" != "0";
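Review bot: Wrapping the OPENSSL check in `if test "${PBX_CRYPTO}" != "0"` means that configuring with `--without-crypto`, or with a libcrypto that lacks `openssl/aes.h`, skips the libssl probe altogether, so choosing the bundled AES also switches off everything that depends on `PBX_OPENSSL`. The log message suggests the opt-out is meant only to select the AES implementation. If the coupling is intended because libssl needs `-lcrypto`, put a comment above the `if` saying so, for example `# libssl requires libcrypto; skip the SSL probe when crypto is unavailable or disabled`. Otherwise keep the OPENSSL check unconditional and gate only the AES selection on the crypto result.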
Added: trunk/include/asterisk/aes.h
URL: http://svn.digium.com/view/asterisk/trunk/include/asterisk/aes.h?view=auto&rev=66071
==============================================================================
--- trunk/include/asterisk/aes.h (added)
+++ trunk/include/asterisk/aes.h Thu May 24 17:07:50 2007
@@ -1,0 +1,65 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 20075, Digium, Inc.
+ *
+ * Kevin P. Fleming <kpfleming at digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+/*! \file
+ * \brief Wrappers for AES encryption/decryption
+ *
+ * These wrappers provided a generic interface to either the
+ * AES methods provided by OpenSSL's crypto library, or the
+ * AES implementation included with Asterisk.
+ */
+
+#ifndef _ASTERISK_AES_H
+#define _ASTERISK_AES_H
+
+#ifdef HAVE_CRYPTO
+
+/* Use the OpenSSL crypto library */
+#include "openssl/aes.h"
+
+typedef AES_KEY ast_aes_encrypt_key;
+typedef AES_KEY ast_aes_decrypt_key;
+
+#define ast_aes_encrypt_key(key, context) AES_set_encrypt_key(key, 1024, context)
+
+#define ast_aes_decrypt_key(key, context) AES_set_decrypt_key(key, 1024, context)
+
+#define ast_aes_encrypt(in, out, context) AES_encrypt(in, out, context)
+
+#define ast_aes_decrypt(in, out, context) AES_decrypt(in, out, context)
+
+#else /* !HAVE_CRYPTO */
+
+/* Use the included AES implementation */
+
+#include "aes_internal.h"
+
+typedef aes_encrypt_ctx ast_aes_encrypt_key;
+typedef aes_decrypt_ctx ast_aes_decrypt_key;
+
+#define ast_aes_encrypt_key(key, context) aes_encrypt_key128(key, context)
+
+#define ast_aes_decrypt_key(key, context) aes_decrypt_key128(key, context)
+
+#define ast_aes_encrypt(in, out, context) aes_encrypt(in, out, context)
+
+#define ast_aes_decrypt(in, out, context) aes_decrypt(in, out, context)
+
+#endif /* !HAVE_CRYPTO */
+
+#endif /* _ASTERISK_AES_H */
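Review bot: The OpenSSL branch passes `1024` as the key size to `AES_set_encrypt_key` and `AES_set_decrypt_key`, but that argument is the key length in bits and OpenSSL accepts only 128, 192 or 256; any other value makes the call return an error without building a key schedule. Every caller in this commit uses the macro as a bare statement, so with `HAVE_CRYPTO` defined the IAX2 and DUNDi code would go on to encrypt and decrypt with an `AES_KEY` that was never initialised. The bundled branch uses the 128-bit setup routines, so the matching definition is `#define ast_aes_encrypt_key(key, context) AES_set_encrypt_key(key, 128, context)`, with the same change for the decrypt macro. Separately, the file header has the typos `20075` and "provided", and giving the typedef and the function-like macro the same identifier is legal but easy to misread.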
Propchange: trunk/include/asterisk/aes.h
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: trunk/include/asterisk/aes.h
------------------------------------------------------------------------------
svn:keywords = Author Id Date Revision
Propchange: trunk/include/asterisk/aes.h
------------------------------------------------------------------------------
svn:mime-type = text/plain
Copied: trunk/include/asterisk/aes_internal.h (from r65968, trunk/include/asterisk/aes.h)
URL: http://svn.digium.com/view/asterisk/trunk/include/asterisk/aes_internal.h?view=diff&rev=66071&p1=trunk/include/asterisk/aes.h&r1=65968&p2=trunk/include/asterisk/aes_internal.h&r2=66071
==============================================================================
--- trunk/include/asterisk/aes.h (original)
+++ trunk/include/asterisk/aes_internal.h Thu May 24 17:07:50 2007
@@ -46,8 +46,8 @@
for optimisation details.
*/
-#ifndef _AES_H
-#define _AES_H
+#ifndef _AES_INTERNAL_H
+#define _AES_INTERNAL_H
/* This include is used to find 8 & 32 bit unsigned integer types */
#include "limits.h"
Modified: trunk/include/asterisk/autoconfig.h.in
URL: http://svn.digium.com/view/asterisk/trunk/include/asterisk/autoconfig.h.in?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/include/asterisk/autoconfig.h.in (original)
+++ trunk/include/asterisk/autoconfig.h.in Thu May 24 17:07:50 2007
@@ -76,6 +76,12 @@
/* Define to 1 if your system has a working `chown' function. */
#undef HAVE_CHOWN
+
+/* Define this to indicate the ${CRYPTO_DESCRIP} library */
+#undef HAVE_CRYPTO
+
+/* Define to indicate the ${CRYPTO_DESCRIP} library version */
+#undef HAVE_CRYPTO_VERSION
/* Define if your system has the curl libraries. */
#undef HAVE_CURL
Modified: trunk/main/aescrypt.c
URL: http://svn.digium.com/view/asterisk/trunk/main/aescrypt.c?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/main/aescrypt.c (original)
+++ trunk/main/aescrypt.c Thu May 24 17:07:50 2007
@@ -42,12 +42,14 @@
* \author Dr Brian Gladman <brg at gladman.me.uk>
*/
-#include "aesopt.h"
-
#if defined(__cplusplus)
extern "C"
{
#endif
+
+#ifndef HAVE_CRYPTO
+
+#include "aesopt.h"
#define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c])
#define so(y,x,c) word_out(y, c, s(x,c))
@@ -312,6 +314,8 @@
#endif
+#endif /* !HAVE_CRYPTO */
+
#if defined(__cplusplus)
}
#endif
Modified: trunk/main/aeskey.c
URL: http://svn.digium.com/view/asterisk/trunk/main/aeskey.c?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/main/aeskey.c (original)
+++ trunk/main/aeskey.c Thu May 24 17:07:50 2007
@@ -41,12 +41,14 @@
* \author Dr Brian Gladman <brg at gladman.me.uk>
*/
-#include "aesopt.h"
-
#if defined(__cplusplus)
extern "C"
{
#endif
+
+#ifndef HAVE_CRYPTO
+
+#include "aesopt.h"
/* Initialise the key schedule from the user supplied key. The key
length can be specified in bytes, with legal values of 16, 24
@@ -464,6 +466,8 @@
#endif
+#endif /* !HAVE_CRYPTO */
+
#if defined(__cplusplus)
}
#endif
Modified: trunk/main/aestab.c
URL: http://svn.digium.com/view/asterisk/trunk/main/aestab.c?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/main/aestab.c (original)
+++ trunk/main/aestab.c Thu May 24 17:07:50 2007
@@ -36,6 +36,8 @@
extern "C"
{
#endif
+
+#ifndef HAVE_CRYPTO
#define DO_TABLES
@@ -226,6 +228,8 @@
#endif
+#endif /* !HAVE_CRYPTO */
+
#if defined(__cplusplus)
}
#endif
Modified: trunk/makeopts.in
URL: http://svn.digium.com/view/asterisk/trunk/makeopts.in?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/makeopts.in (original)
+++ trunk/makeopts.in Thu May 24 17:07:50 2007
@@ -151,6 +151,9 @@
SSL_INCLUDE=@OPENSSL_INCLUDE@
SSL_LIB=@OPENSSL_LIB@
+CRYPTO_INCLUDE=@CRYPTO_INCLUDE@
+CRYPTO_LIB=@CRYPTO_LIB@
+
TONEZONE_INCLUDE=@TONEZONE_INCLUDE@
TONEZONE_LIB=@TONEZONE_LIB@
Modified: trunk/pbx/pbx_dundi.c
URL: http://svn.digium.com/view/asterisk/trunk/pbx/pbx_dundi.c?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/pbx/pbx_dundi.c (original)
+++ trunk/pbx/pbx_dundi.c Thu May 24 17:07:50 2007
@@ -24,6 +24,7 @@
/*** MODULEINFO
<depend>zlib</depend>
+ <use>crypto</use>
***/
#include "asterisk.h"
@@ -173,8 +174,8 @@
int eidcount; /*!< Number of eids in eids */
dundi_eid us_eid; /*!< Our EID, to them */
dundi_eid them_eid; /*!< Their EID, to us */
- aes_encrypt_ctx ecx; /*!< AES 128 Encryption context */
- aes_decrypt_ctx dcx; /*!< AES 128 Decryption context */
+ ast_aes_encrypt_key ecx; /*!< AES 128 Encryption context */
+ ast_aes_decrypt_key dcx; /*!< AES 128 Decryption context */
unsigned int flags; /*!< Has final packet been sent */
int ttl; /*!< Remaining TTL for queries on this one */
int thread; /*!< We have a calling thread */
@@ -240,11 +241,11 @@
unsigned char txenckey[256]; /*!< Transmitted encrypted key + sig */
unsigned char rxenckey[256]; /*!< Cache received encrypted key + sig */
unsigned long us_keycrc32; /*!< CRC-32 of our key */
- aes_encrypt_ctx us_ecx; /*!< Cached AES 128 Encryption context */
- aes_decrypt_ctx us_dcx; /*!< Cached AES 128 Decryption context */
+ ast_aes_encrypt_key us_ecx; /*!< Cached AES 128 Encryption context */
+ ast_aes_decrypt_key us_dcx; /*!< Cached AES 128 Decryption context */
unsigned long them_keycrc32; /*!< CRC-32 of our key */
- aes_encrypt_ctx them_ecx; /*!< Cached AES 128 Encryption context */
- aes_decrypt_ctx them_dcx; /*!< Cached AES 128 Decryption context */
+ ast_aes_encrypt_key them_ecx; /*!< Cached AES 128 Encryption context */
+ ast_aes_decrypt_key them_dcx; /*!< Cached AES 128 Decryption context */
time_t keyexpire; /*!< When to expire/recreate key */
int registerexpire;
int lookuptimes[DUNDI_TIMING_HISTORY];
@@ -1300,8 +1301,8 @@
int res;
if (!peer->keyexpire || (peer->keyexpire < time(NULL))) {
build_iv(key);
- aes_encrypt_key128(key, &peer->us_ecx);
- aes_decrypt_key128(key, &peer->us_dcx);
+ ast_aes_encrypt_key(key, &peer->us_ecx);
+ ast_aes_decrypt_key(key, &peer->us_dcx);
ekey = ast_key_get(peer->inkey, AST_KEY_PUBLIC);
if (!ekey) {
ast_log(LOG_NOTICE, "No such key '%s' for creating RSA encrypted shared key for '%s'!\n",
@@ -1331,7 +1332,7 @@
return 0;
}
-static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, aes_encrypt_ctx *ecx)
+static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, ast_aes_encrypt_key *ecx)
{
unsigned char curblock[16];
int x;
@@ -1339,7 +1340,7 @@
while(len > 0) {
for (x=0;x<16;x++)
curblock[x] ^= src[x];
- aes_encrypt(curblock, dst, ecx);
+ ast_aes_encrypt(curblock, dst, ecx);
memcpy(curblock, dst, sizeof(curblock));
dst += 16;
src += 16;
@@ -1347,13 +1348,13 @@
}
return 0;
}
-static int decrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, aes_decrypt_ctx *dcx)
+static int decrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, ast_aes_decrypt_key *dcx)
{
unsigned char lastblock[16];
int x;
memcpy(lastblock, iv, sizeof(lastblock));
while(len > 0) {
- aes_decrypt(src, dst, dcx);
+ ast_aes_decrypt(src, dst, dcx);
for (x=0;x<16;x++)
dst[x] ^= lastblock[x];
memcpy(lastblock, src, sizeof(lastblock));
@@ -1507,8 +1508,8 @@
memcpy(peer->rxenckey, newkey, 128);
memcpy(peer->rxenckey + 128, newsig, 128);
peer->them_keycrc32 = crc32(0L, peer->rxenckey, 128);
- aes_decrypt_key128(dst, &peer->them_dcx);
- aes_encrypt_key128(dst, &peer->them_ecx);
+ ast_aes_decrypt_key(dst, &peer->them_dcx);
+ ast_aes_encrypt_key(dst, &peer->them_ecx);
return 1;
}