[svn-commits] kpfleming: trunk r66071 - in /trunk: ./ build_tools/ channels/ include/asteri...

svn-commits at lists.digium.com svn-commits at lists.digium.com
Thu May 24 15:07:50 MST 2007


Author: kpfleming
Date: Thu May 24 17:07:50 2007
New Revision: 66071

URL: http://svn.digium.com/view/asterisk?view=rev&rev=66071
Log:
use the OpenSSL AES implementation if it's available (unless configured not to)

Added:
    trunk/include/asterisk/aes.h   (with props)
    trunk/include/asterisk/aes_internal.h
      - copied, changed from r65968, trunk/include/asterisk/aes.h
Modified:
    trunk/build_tools/menuselect-deps.in
    trunk/channels/chan_iax2.c
    trunk/configure
    trunk/configure.ac
    trunk/include/asterisk/autoconfig.h.in
    trunk/main/aescrypt.c
    trunk/main/aeskey.c
    trunk/main/aestab.c
    trunk/makeopts.in
    trunk/pbx/pbx_dundi.c

Modified: trunk/build_tools/menuselect-deps.in
URL: http://svn.digium.com/view/asterisk/trunk/build_tools/menuselect-deps.in?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/build_tools/menuselect-deps.in (original)
+++ trunk/build_tools/menuselect-deps.in Thu May 24 17:07:50 2007
@@ -26,6 +26,7 @@
 SQLITE=@PBX_SQLITE@
 SQLITE3=@PBX_SQLITE3@
 SSL=@PBX_OPENSSL@
+CRYPTO=@PBX_CRYPTO@
 TONEZONE=@PBX_TONEZONE@
 UNIXODBC=@PBX_UNIXODBC@
 VORBIS=@PBX_VORBIS@

Modified: trunk/channels/chan_iax2.c
URL: http://svn.digium.com/view/asterisk/trunk/channels/chan_iax2.c?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/channels/chan_iax2.c (original)
+++ trunk/channels/chan_iax2.c Thu May 24 17:07:50 2007
@@ -30,6 +30,7 @@
 
 /*** MODULEINFO
 	<use>zaptel</use>
+	<use>crypto</use>
  ***/
 
 #include "asterisk.h"
@@ -594,9 +595,9 @@
 	/*! permitted encryption methods */
 	int encmethods;
 	/*! Encryption AES-128 Key */
-	aes_encrypt_ctx ecx;
+	ast_aes_encrypt_key ecx;
 	/*! Decryption AES-128 Key */
-	aes_decrypt_ctx dcx;
+	ast_aes_decrypt_key dcx;
 	/*! 32 bytes of semi-random data */
 	unsigned char semirand[32];
 	/*! Associated registry */
@@ -615,8 +616,8 @@
 	struct sockaddr_in transfer;
 	/*! What's the new call number for the transfer */
 	unsigned short transfercallno;
-	/*! Transfer decrypt AES-128 Key */
-	aes_encrypt_ctx tdcx;
+	/*! Transfer encrypt AES-128 Key */
+	ast_aes_encrypt_key tdcx;
 
 	/*! Status of knowledge of peer ADSI capability */
 	int peeradsicpe;
@@ -3804,13 +3805,13 @@
 	return 0;
 }
 
-static void build_enc_keys(const unsigned char *digest, aes_encrypt_ctx *ecx, aes_decrypt_ctx *dcx)
-{
-	aes_encrypt_key128(digest, ecx);
-	aes_decrypt_key128(digest, dcx);
-}
-
-static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len, aes_decrypt_ctx *dcx)
+static void build_enc_keys(const unsigned char *digest, ast_aes_encrypt_key *ecx, ast_aes_decrypt_key *dcx)
+{
+	ast_aes_encrypt_key(digest, ecx);
+	ast_aes_decrypt_key(digest, dcx);
+}
+
+static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len, ast_aes_decrypt_key *dcx)
 {
 #if 0
 	/* Debug with "fake encryption" */
@@ -3823,7 +3824,7 @@
 	unsigned char lastblock[16] = { 0 };
 	int x;
 	while(len > 0) {
-		aes_decrypt(src, dst, dcx);
+		ast_aes_decrypt(src, dst, dcx);
 		for (x=0;x<16;x++)
 			dst[x] ^= lastblock[x];
 		memcpy(lastblock, src, sizeof(lastblock));
@@ -3834,7 +3835,7 @@
 #endif
 }
 
-static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len, aes_encrypt_ctx *ecx)
+static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len, ast_aes_encrypt_key *ecx)
 {
 #if 0
 	/* Debug with "fake encryption" */
@@ -3849,7 +3850,7 @@
 	while(len > 0) {
 		for (x=0;x<16;x++)
 			curblock[x] ^= src[x];
-		aes_encrypt(curblock, dst, ecx);
+		ast_aes_encrypt(curblock, dst, ecx);
 		memcpy(curblock, dst, sizeof(curblock)); 
 		dst += 16;
 		src += 16;
@@ -3858,7 +3859,7 @@
 #endif
 }
 
-static int decode_frame(aes_decrypt_ctx *dcx, struct ast_iax2_full_hdr *fh, struct ast_frame *f, int *datalen)
+static int decode_frame(ast_aes_decrypt_key *dcx, struct ast_iax2_full_hdr *fh, struct ast_frame *f, int *datalen)
 {
 	int padding;
 	unsigned char *workspace;
@@ -3903,7 +3904,7 @@
 	return 0;
 }
 
-static int encrypt_frame(aes_encrypt_ctx *ecx, struct ast_iax2_full_hdr *fh, unsigned char *poo, int *datalen)
+static int encrypt_frame(ast_aes_encrypt_key *ecx, struct ast_iax2_full_hdr *fh, unsigned char *poo, int *datalen)
 {
 	int padding;
 	unsigned char *workspace;
@@ -5262,7 +5263,7 @@
 	
 }
 
-static int authenticate(const char *challenge, const char *secret, const char *keyn, int authmethods, struct iax_ie_data *ied, struct sockaddr_in *sin, aes_encrypt_ctx *ecx, aes_decrypt_ctx *dcx)
+static int authenticate(const char *challenge, const char *secret, const char *keyn, int authmethods, struct iax_ie_data *ied, struct sockaddr_in *sin, ast_aes_encrypt_key *ecx, ast_aes_decrypt_key *dcx)
 {
 	int res = -1;
 	int x;

Modified: trunk/configure
URL: http://svn.digium.com/view/asterisk/trunk/configure?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/configure (original)
+++ trunk/configure Thu May 24 17:07:50 2007
@@ -737,6 +737,10 @@
 CURSES_INCLUDE
 CURSES_DIR
 PBX_CURSES
+CRYPTO_LIB
+CRYPTO_INCLUDE
+CRYPTO_DIR
+PBX_CRYPTO
 GNUTLS_LIB
 GNUTLS_INCLUDE
 GNUTLS_DIR
@@ -1521,6 +1525,7 @@
   --with-cap=PATH         use POSIX 1.e capabilities files in PATH
   --with-curl=PATH        use cURL files in PATH
   --with-curses=PATH      use curses files in PATH
+  --with-crypto=PATH      use OpenSSL Cryptography Support files in PATH
   --with-gnutls=PATH      use GNU TLS support (used for iksemel only) files in
                           PATH
   --with-gsm=PATH         use GSM files in PATH , or 'internal'
@@ -7778,6 +7783,34 @@
 fi
 
 PBX_CURSES=0
+
+
+
+
+
+
+CRYPTO_DESCRIP="OpenSSL Cryptography Support"
+CRYPTO_OPTION="crypto"
+
+# Check whether --with-crypto was given.
+if test "${with_crypto+set}" = set; then
+  withval=$with_crypto;
+case ${withval} in
+     n|no)
+     USE_CRYPTO=no
+     ;;
+     y|ye|yes)
+     ac_mandatory_list="${ac_mandatory_list} CRYPTO"
+     ;;
+     *)
+     CRYPTO_DIR="${withval}"
+     ac_mandatory_list="${ac_mandatory_list} CRYPTO"
+     ;;
+esac
+
+fi
+
+PBX_CRYPTO=0
 
 
 
@@ -29239,6 +29272,399 @@
 
 
 
+if test "x${PBX_CRYPTO}" != "x1" -a "${USE_CRYPTO}" != "no"; then
+   pbxlibdir=""
+   if test "x${CRYPTO_DIR}" != "x"; then
+      if test -d ${CRYPTO_DIR}/lib; then
+      	 pbxlibdir="-L${CRYPTO_DIR}/lib"
+      else
+      	 pbxlibdir="-L${CRYPTO_DIR}"
+      fi
+   fi
+   pbxfuncname="AES_encrypt"
+   if test "x${pbxfuncname}" = "x" ; then   # empty lib, assume only headers
+      AST_CRYPTO_FOUND=yes
+   else
+      as_ac_Lib=`echo "ac_cv_lib_crypto_${pbxfuncname}" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for ${pbxfuncname} in -lcrypto" >&5
+echo $ECHO_N "checking for ${pbxfuncname} in -lcrypto... $ECHO_C" >&6; }
+if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto ${pbxlibdir}  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ${pbxfuncname} ();
+int
+main ()
+{
+return ${pbxfuncname} ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_Lib=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Lib=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+ac_res=`eval echo '${'$as_ac_Lib'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Lib'}'` = yes; then
+  AST_CRYPTO_FOUND=yes
+else
+  AST_CRYPTO_FOUND=no
+fi
+
+   fi
+
+   if test "${AST_CRYPTO_FOUND}" = "yes"; then
+      CRYPTO_LIB="-lcrypto "
+      CRYPTO_HEADER_FOUND="1"
+      if test "x${CRYPTO_DIR}" != "x"; then
+         CRYPTO_LIB="${pbxlibdir} ${CRYPTO_LIB}"
+	 CRYPTO_INCLUDE="-I${CRYPTO_DIR}/include"
+	 saved_cppflags="${CPPFLAGS}"
+	 CPPFLAGS="${CPPFLAGS} -I${CRYPTO_DIR}/include"
+	 if test "xopenssl/aes.h" != "x" ; then
+	    as_ac_Header=`echo "ac_cv_header_${CRYPTO_DIR}/include/openssl/aes.h" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for ${CRYPTO_DIR}/include/openssl/aes.h" >&5
+echo $ECHO_N "checking for ${CRYPTO_DIR}/include/openssl/aes.h... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking ${CRYPTO_DIR}/include/openssl/aes.h usability" >&5
+echo $ECHO_N "checking ${CRYPTO_DIR}/include/openssl/aes.h usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <${CRYPTO_DIR}/include/openssl/aes.h>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking ${CRYPTO_DIR}/include/openssl/aes.h presence" >&5
+echo $ECHO_N "checking ${CRYPTO_DIR}/include/openssl/aes.h presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <${CRYPTO_DIR}/include/openssl/aes.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: present but cannot be compiled" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: in the future, the compiler will take precedence" >&2;}
+
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for ${CRYPTO_DIR}/include/openssl/aes.h" >&5
+echo $ECHO_N "checking for ${CRYPTO_DIR}/include/openssl/aes.h... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  CRYPTO_HEADER_FOUND=1
+else
+  CRYPTO_HEADER_FOUND=0
+fi
+
+
+	 fi
+	 CPPFLAGS="${saved_cppflags}"
+      else
+	 if test "xopenssl/aes.h" != "x" ; then
+            if test "${ac_cv_header_openssl_aes_h+set}" = set; then
+  { echo "$as_me:$LINENO: checking for openssl/aes.h" >&5
+echo $ECHO_N "checking for openssl/aes.h... $ECHO_C" >&6; }
+if test "${ac_cv_header_openssl_aes_h+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_openssl_aes_h" >&5
+echo "${ECHO_T}$ac_cv_header_openssl_aes_h" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking openssl/aes.h usability" >&5
+echo $ECHO_N "checking openssl/aes.h usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <openssl/aes.h>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking openssl/aes.h presence" >&5
+echo $ECHO_N "checking openssl/aes.h presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <openssl/aes.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: openssl/aes.h: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: openssl/aes.h: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: openssl/aes.h: present but cannot be compiled" >&5
+echo "$as_me: WARNING: openssl/aes.h: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: openssl/aes.h:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: openssl/aes.h:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: openssl/aes.h: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: openssl/aes.h: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: openssl/aes.h:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: openssl/aes.h:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: openssl/aes.h: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: openssl/aes.h: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: openssl/aes.h: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: openssl/aes.h: in the future, the compiler will take precedence" >&2;}
+
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for openssl/aes.h" >&5
+echo $ECHO_N "checking for openssl/aes.h... $ECHO_C" >&6; }
+if test "${ac_cv_header_openssl_aes_h+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_header_openssl_aes_h=$ac_header_preproc
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_openssl_aes_h" >&5
+echo "${ECHO_T}$ac_cv_header_openssl_aes_h" >&6; }
+
+fi
+if test $ac_cv_header_openssl_aes_h = yes; then
+  CRYPTO_HEADER_FOUND=1
+else
+  CRYPTO_HEADER_FOUND=0
+fi
+
+
+	 fi
+      fi
+      if test "x${CRYPTO_HEADER_FOUND}" = "x0" ; then
+         CRYPTO_LIB=""
+         CRYPTO_INCLUDE=""
+      else
+         if test "x${pbxfuncname}" = "x" ; then		# only checking headers -> no library
+	    CRYPTO_LIB=""
+	 fi
+         PBX_CRYPTO=1
+         # XXX don't know how to evaluate the description (third argument) in AC_DEFINE_UNQUOTED
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_CRYPTO 1
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_CRYPTO_VERSION
+_ACEOF
+
+      fi
+   fi
+fi
+
+
+if test "${PBX_CRYPTO}" != "0";
+then
+
 if test "x${PBX_OPENSSL}" != "x1" -a "${USE_OPENSSL}" != "no"; then
    pbxlibdir=""
    if test "x${OPENSSL_DIR}" != "x"; then
@@ -29628,6 +30054,7 @@
    fi
 fi
 
+fi
 
 
 if test "x${PBX_FREETDS}" != "x1" -a "${USE_FREETDS}" != "no"; then
@@ -35694,6 +36121,10 @@
 CURSES_INCLUDE!$CURSES_INCLUDE$ac_delim
 CURSES_DIR!$CURSES_DIR$ac_delim
 PBX_CURSES!$PBX_CURSES$ac_delim
+CRYPTO_LIB!$CRYPTO_LIB$ac_delim
+CRYPTO_INCLUDE!$CRYPTO_INCLUDE$ac_delim
+CRYPTO_DIR!$CRYPTO_DIR$ac_delim
+PBX_CRYPTO!$PBX_CRYPTO$ac_delim
 GNUTLS_LIB!$GNUTLS_LIB$ac_delim
 GNUTLS_INCLUDE!$GNUTLS_INCLUDE$ac_delim
 GNUTLS_DIR!$GNUTLS_DIR$ac_delim
@@ -35766,10 +36197,6 @@
 PRI_INCLUDE!$PRI_INCLUDE$ac_delim
 PRI_DIR!$PRI_DIR$ac_delim
 PBX_PRI!$PBX_PRI$ac_delim
-SS7_LIB!$SS7_LIB$ac_delim
-SS7_INCLUDE!$SS7_INCLUDE$ac_delim
-SS7_DIR!$SS7_DIR$ac_delim
-PBX_SS7!$PBX_SS7$ac_delim
 _ACEOF
 
   if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -35811,6 +36238,10 @@
 ac_delim='%!_!# '
 for ac_last_try in false false false false false :; do
   cat >conf$$subs.sed <<_ACEOF
+SS7_LIB!$SS7_LIB$ac_delim
+SS7_INCLUDE!$SS7_INCLUDE$ac_delim
+SS7_DIR!$SS7_DIR$ac_delim
+PBX_SS7!$PBX_SS7$ac_delim
 PWLIB_LIB!$PWLIB_LIB$ac_delim
 PWLIB_INCLUDE!$PWLIB_INCLUDE$ac_delim
 PWLIB_DIR!$PWLIB_DIR$ac_delim
@@ -35904,10 +36335,6 @@
 PWLIB_PLATFORM!$PWLIB_PLATFORM$ac_delim
 OPENH323DIR!$OPENH323DIR$ac_delim
 OPENH323_INCDIR!$OPENH323_INCDIR$ac_delim
-OPENH323_LIBDIR!$OPENH323_LIBDIR$ac_delim
-OPENH323_SUFFIX!$OPENH323_SUFFIX$ac_delim
-OPENH323_BUILD!$OPENH323_BUILD$ac_delim
-QTMOC!$QTMOC$ac_delim
 _ACEOF
 
   if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -35949,6 +36376,10 @@
 ac_delim='%!_!# '
 for ac_last_try in false false false false false :; do
   cat >conf$$subs.sed <<_ACEOF
+OPENH323_LIBDIR!$OPENH323_LIBDIR$ac_delim
+OPENH323_SUFFIX!$OPENH323_SUFFIX$ac_delim
+OPENH323_BUILD!$OPENH323_BUILD$ac_delim
+QTMOC!$QTMOC$ac_delim
 EDITLINE_LIB!$EDITLINE_LIB$ac_delim
 PBX_H323!$PBX_H323$ac_delim
 PBX_IXJUSER!$PBX_IXJUSER$ac_delim
@@ -35964,7 +36395,7 @@
 LTLIBOBJS!$LTLIBOBJS$ac_delim
 _ACEOF
 
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 13; then
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 17; then
     break
   elif $ac_last_try; then
     { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5

Modified: trunk/configure.ac
URL: http://svn.digium.com/view/asterisk/trunk/configure.ac?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/configure.ac (original)
+++ trunk/configure.ac Thu May 24 17:07:50 2007
@@ -186,6 +186,7 @@
 AST_EXT_LIB_SETUP([CAP], [POSIX 1.e capabilities], [cap])
 AST_EXT_LIB_SETUP([CURL], [cURL], [curl])
 AST_EXT_LIB_SETUP([CURSES], [curses], [curses])
+AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography Support], [crypto])
 AST_EXT_LIB_SETUP([GNUTLS], [GNU TLS support (used for iksemel only)], [gnutls])
 AST_EXT_LIB_SETUP([GSM], [GSM], [gsm], [, or 'internal'])
 AST_EXT_LIB_SETUP([IKSEMEL], [Iksemel Jabber Library], [iksemel])
@@ -846,7 +847,12 @@
 
 AST_EXT_LIB_CHECK([SQLITE3], [sqlite3], [sqlite3_open], [sqlite3.h])
 
-AST_EXT_LIB_CHECK([OPENSSL], [ssl], [ssl2_connect], [openssl/ssl.h], [-lcrypto])
+AST_EXT_LIB_CHECK([CRYPTO], [crypto], [AES_encrypt], [openssl/aes.h])
+
+if test "${PBX_CRYPTO}" != "0";
+then
+    AST_EXT_LIB_CHECK([OPENSSL], [ssl], [ssl2_connect], [openssl/ssl.h], [-lcrypto])
+fi
 
 AST_EXT_LIB_CHECK([FREETDS], [tds], [tds_version], [tds.h])
 if test "${PBX_FREETDS}" != "0";

Added: trunk/include/asterisk/aes.h
URL: http://svn.digium.com/view/asterisk/trunk/include/asterisk/aes.h?view=auto&rev=66071
==============================================================================
--- trunk/include/asterisk/aes.h (added)
+++ trunk/include/asterisk/aes.h Thu May 24 17:07:50 2007
@@ -1,0 +1,65 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 20075, Digium, Inc.
+ *
+ * Kevin P. Fleming <kpfleming at digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+/*! \file
+ * \brief Wrappers for AES encryption/decryption
+ *
+ * These wrappers provided a generic interface to either the
+ * AES methods provided by OpenSSL's crypto library, or the
+ * AES implementation included with Asterisk.
+ */
+
+#ifndef _ASTERISK_AES_H
+#define _ASTERISK_AES_H
+
+#ifdef HAVE_CRYPTO
+
+/* Use the OpenSSL crypto library */
+#include "openssl/aes.h"
+
+typedef AES_KEY ast_aes_encrypt_key;
+typedef AES_KEY ast_aes_decrypt_key;
+
+#define ast_aes_encrypt_key(key, context) AES_set_encrypt_key(key, 1024, context)
+
+#define ast_aes_decrypt_key(key, context) AES_set_decrypt_key(key, 1024, context)
+
+#define ast_aes_encrypt(in, out, context) AES_encrypt(in, out, context)
+
+#define ast_aes_decrypt(in, out, context) AES_decrypt(in, out, context)
+
+#else /* !HAVE_CRYPTO */
+
+/* Use the included AES implementation */
+
+#include "aes_internal.h"
+
+typedef aes_encrypt_ctx ast_aes_encrypt_key;
+typedef aes_decrypt_ctx ast_aes_decrypt_key;
+
+#define ast_aes_encrypt_key(key, context) aes_encrypt_key128(key, context)
+
+#define ast_aes_decrypt_key(key, context) aes_decrypt_key128(key, context)
+
+#define ast_aes_encrypt(in, out, context) aes_encrypt(in, out, context)
+
+#define ast_aes_decrypt(in, out, context) aes_decrypt(in, out, context)
+
+#endif /* !HAVE_CRYPTO */
+
+#endif /* _ASTERISK_AES_H */

Propchange: trunk/include/asterisk/aes.h
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: trunk/include/asterisk/aes.h
------------------------------------------------------------------------------
    svn:keywords = Author Id Date Revision

Propchange: trunk/include/asterisk/aes.h
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Copied: trunk/include/asterisk/aes_internal.h (from r65968, trunk/include/asterisk/aes.h)
URL: http://svn.digium.com/view/asterisk/trunk/include/asterisk/aes_internal.h?view=diff&rev=66071&p1=trunk/include/asterisk/aes.h&r1=65968&p2=trunk/include/asterisk/aes_internal.h&r2=66071
==============================================================================
--- trunk/include/asterisk/aes.h (original)
+++ trunk/include/asterisk/aes_internal.h Thu May 24 17:07:50 2007
@@ -46,8 +46,8 @@
  for optimisation details.
 */
 
-#ifndef _AES_H
-#define _AES_H
+#ifndef _AES_INTERNAL_H
+#define _AES_INTERNAL_H
 
 /*  This include is used to find 8 & 32 bit unsigned integer types  */
 #include "limits.h"

Modified: trunk/include/asterisk/autoconfig.h.in
URL: http://svn.digium.com/view/asterisk/trunk/include/asterisk/autoconfig.h.in?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/include/asterisk/autoconfig.h.in (original)
+++ trunk/include/asterisk/autoconfig.h.in Thu May 24 17:07:50 2007
@@ -76,6 +76,12 @@
 
 /* Define to 1 if your system has a working `chown' function. */
 #undef HAVE_CHOWN
+
+/* Define this to indicate the ${CRYPTO_DESCRIP} library */
+#undef HAVE_CRYPTO
+
+/* Define to indicate the ${CRYPTO_DESCRIP} library version */
+#undef HAVE_CRYPTO_VERSION
 
 /* Define if your system has the curl libraries. */
 #undef HAVE_CURL

Modified: trunk/main/aescrypt.c
URL: http://svn.digium.com/view/asterisk/trunk/main/aescrypt.c?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/main/aescrypt.c (original)
+++ trunk/main/aescrypt.c Thu May 24 17:07:50 2007
@@ -42,12 +42,14 @@
  * \author Dr Brian Gladman <brg at gladman.me.uk>
  */
 
-#include "aesopt.h"
-
 #if defined(__cplusplus)
 extern "C"
 {
 #endif
+
+#ifndef HAVE_CRYPTO
+
+#include "aesopt.h"
 
 #define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c])
 #define so(y,x,c)   word_out(y, c, s(x,c))
@@ -312,6 +314,8 @@
 
 #endif
 
+#endif /* !HAVE_CRYPTO */
+
 #if defined(__cplusplus)
 }
 #endif

Modified: trunk/main/aeskey.c
URL: http://svn.digium.com/view/asterisk/trunk/main/aeskey.c?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/main/aeskey.c (original)
+++ trunk/main/aeskey.c Thu May 24 17:07:50 2007
@@ -41,12 +41,14 @@
  * \author Dr Brian Gladman <brg at gladman.me.uk>
  */
 
-#include "aesopt.h"
-
 #if defined(__cplusplus)
 extern "C"
 {
 #endif
+
+#ifndef HAVE_CRYPTO
+
+#include "aesopt.h"
 
 /* Initialise the key schedule from the user supplied key. The key
    length can be specified in bytes, with legal values of 16, 24
@@ -464,6 +466,8 @@
 
 #endif
 
+#endif /* !HAVE_CRYPTO */
+
 #if defined(__cplusplus)
 }
 #endif

Modified: trunk/main/aestab.c
URL: http://svn.digium.com/view/asterisk/trunk/main/aestab.c?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/main/aestab.c (original)
+++ trunk/main/aestab.c Thu May 24 17:07:50 2007
@@ -36,6 +36,8 @@
 extern "C"
 {
 #endif
+
+#ifndef HAVE_CRYPTO
 
 #define DO_TABLES
 
@@ -226,6 +228,8 @@
 
 #endif
 
+#endif /* !HAVE_CRYPTO */
+
 #if defined(__cplusplus)
 }
 #endif

Modified: trunk/makeopts.in
URL: http://svn.digium.com/view/asterisk/trunk/makeopts.in?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/makeopts.in (original)
+++ trunk/makeopts.in Thu May 24 17:07:50 2007
@@ -151,6 +151,9 @@
 SSL_INCLUDE=@OPENSSL_INCLUDE@
 SSL_LIB=@OPENSSL_LIB@
 
+CRYPTO_INCLUDE=@CRYPTO_INCLUDE@
+CRYPTO_LIB=@CRYPTO_LIB@
+
 TONEZONE_INCLUDE=@TONEZONE_INCLUDE@
 TONEZONE_LIB=@TONEZONE_LIB@
 

Modified: trunk/pbx/pbx_dundi.c
URL: http://svn.digium.com/view/asterisk/trunk/pbx/pbx_dundi.c?view=diff&rev=66071&r1=66070&r2=66071
==============================================================================
--- trunk/pbx/pbx_dundi.c (original)
+++ trunk/pbx/pbx_dundi.c Thu May 24 17:07:50 2007
@@ -24,6 +24,7 @@
 
 /*** MODULEINFO
 	<depend>zlib</depend>
+	<use>crypto</use>
  ***/
 
 #include "asterisk.h"
@@ -173,8 +174,8 @@
 	int eidcount;                                  /*!< Number of eids in eids */
 	dundi_eid us_eid;                              /*!< Our EID, to them */
 	dundi_eid them_eid;                            /*!< Their EID, to us */
-	aes_encrypt_ctx	ecx;                           /*!< AES 128 Encryption context */
-	aes_decrypt_ctx	dcx;                           /*!< AES 128 Decryption context */
+	ast_aes_encrypt_key ecx;                       /*!< AES 128 Encryption context */
+	ast_aes_decrypt_key dcx;                       /*!< AES 128 Decryption context */
 	unsigned int flags;                            /*!< Has final packet been sent */
 	int ttl;                                       /*!< Remaining TTL for queries on this one */
 	int thread;                                    /*!< We have a calling thread */
@@ -240,11 +241,11 @@
 	unsigned char txenckey[256];           /*!< Transmitted encrypted key + sig */
 	unsigned char rxenckey[256];           /*!< Cache received encrypted key + sig */
 	unsigned long us_keycrc32;             /*!< CRC-32 of our key */
-	aes_encrypt_ctx	us_ecx;                /*!< Cached AES 128 Encryption context */
-	aes_decrypt_ctx	us_dcx;	               /*!< Cached AES 128 Decryption context */
+	ast_aes_encrypt_key us_ecx;            /*!< Cached AES 128 Encryption context */
+	ast_aes_decrypt_key us_dcx;            /*!< Cached AES 128 Decryption context */
 	unsigned long them_keycrc32;           /*!< CRC-32 of our key */
-	aes_encrypt_ctx	them_ecx;              /*!< Cached AES 128 Encryption context */
-	aes_decrypt_ctx	them_dcx;              /*!< Cached AES 128 Decryption context */
+	ast_aes_encrypt_key them_ecx;          /*!< Cached AES 128 Encryption context */
+	ast_aes_decrypt_key them_dcx;          /*!< Cached AES 128 Decryption context */
 	time_t keyexpire;                      /*!< When to expire/recreate key */
 	int registerexpire;
 	int lookuptimes[DUNDI_TIMING_HISTORY];
@@ -1300,8 +1301,8 @@
 	int res;
 	if (!peer->keyexpire || (peer->keyexpire < time(NULL))) {
 		build_iv(key);
-		aes_encrypt_key128(key, &peer->us_ecx);
-		aes_decrypt_key128(key, &peer->us_dcx);
+		ast_aes_encrypt_key(key, &peer->us_ecx);
+		ast_aes_decrypt_key(key, &peer->us_dcx);
 		ekey = ast_key_get(peer->inkey, AST_KEY_PUBLIC);
 		if (!ekey) {
 			ast_log(LOG_NOTICE, "No such key '%s' for creating RSA encrypted shared key for '%s'!\n",
@@ -1331,7 +1332,7 @@
 	return 0;
 }
 
-static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, aes_encrypt_ctx *ecx) 
+static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, ast_aes_encrypt_key *ecx) 
 {
 	unsigned char curblock[16];
 	int x;
@@ -1339,7 +1340,7 @@
 	while(len > 0) {
 		for (x=0;x<16;x++)
 			curblock[x] ^= src[x];
-		aes_encrypt(curblock, dst, ecx);
+		ast_aes_encrypt(curblock, dst, ecx);
 		memcpy(curblock, dst, sizeof(curblock)); 
 		dst += 16;
 		src += 16;
@@ -1347,13 +1348,13 @@
 	}
 	return 0;
 }
-static int decrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, aes_decrypt_ctx *dcx) 
+static int decrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, ast_aes_decrypt_key *dcx) 
 {
 	unsigned char lastblock[16];
 	int x;
 	memcpy(lastblock, iv, sizeof(lastblock));
 	while(len > 0) {
-		aes_decrypt(src, dst, dcx);
+		ast_aes_decrypt(src, dst, dcx);
 		for (x=0;x<16;x++)
 			dst[x] ^= lastblock[x];
 		memcpy(lastblock, src, sizeof(lastblock));
@@ -1507,8 +1508,8 @@
 	memcpy(peer->rxenckey, newkey, 128);
 	memcpy(peer->rxenckey + 128, newsig, 128);
 	peer->them_keycrc32 = crc32(0L, peer->rxenckey, 128);
-	aes_decrypt_key128(dst, &peer->them_dcx);
-	aes_encrypt_key128(dst, &peer->them_ecx);
+	ast_aes_decrypt_key(dst, &peer->them_dcx);
+	ast_aes_encrypt_key(dst, &peer->them_ecx);
 	return 1;
 }
 



More information about the svn-commits mailing list