<p> Attention is currently required from: N A, Joshua Colp, George Joseph, Kevin Harwell. </p>
<p>Sean Bright would like N A, Joshua Colp, George Joseph, Kevin Harwell and Friendly Automation to <strong>review</strong> this change.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/18730">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">Revert "chan_iax2: Prevent crash if dialing RSA-only call without outkey."<br><br>This reverts commit fbe960ca42b7bfed1747b5fbd90cfd264529c41c.<br><br>Reason for revert: This causes a build regression by making OpenSSL a required dependency.<br><br>Change-Id: I08905574aa98a516e391ca9a4118be4be896ab96<br>---<br>M channels/chan_iax2.c<br>1 file changed, 1 insertion(+), 23 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/30/18730/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c</span><br><span>index 6d76dc5..ff235af 100644</span><br><span>--- a/channels/chan_iax2.c</span><br><span>+++ b/channels/chan_iax2.c</span><br><span>@@ -6379,18 +6379,6 @@</span><br><span>         }</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-static int invalid_key(ast_aes_decrypt_key *ecx)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">-     int i;</span><br><span style="color: hsl(0, 100%, 40%);">-  for (i = 0; i < 60; i++) {</span><br><span style="color: hsl(0, 100%, 40%);">-           if (ecx->rd_key[i]) {</span><br><span style="color: hsl(0, 100%, 40%);">-                        return 0; /* stop if we encounter anything non-zero */</span><br><span style="color: hsl(0, 100%, 40%);">-          }</span><br><span style="color: hsl(0, 100%, 40%);">-       }</span><br><span style="color: hsl(0, 100%, 40%);">-       /* if ast_aes_encrypt or ast_aes_decrypt is called, then we'll crash when calling AES_encrypt or 
AES_decrypt */</span><br><span style="color: hsl(0, 100%, 40%);">-     return -1;</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> static void build_encryption_keys(const unsigned char *digest, struct chan_iax2_pvt *pvt)</span><br><span> {</span><br><span>        build_ecx_key(digest, pvt);</span><br><span>@@ -8447,7 +8435,7 @@</span><br><span>                  iax_ie_append_str(ied, IAX_IE_PASSWORD, secret);</span><br><span>                     res = 0;</span><br><span>             } else</span><br><span style="color: hsl(0, 100%, 40%);">-                  ast_log(LOG_WARNING, "No way to send secret to peer '%s' (their methods: %d)\n", ast_sockaddr_stringify_addr(addr), authmethods);</span><br><span style="color: hsl(120, 100%, 40%);">+                   ast_log(LOG_NOTICE, "No way to send secret to peer '%s' (their methods: %d)\n", ast_sockaddr_stringify_addr(addr), authmethods);</span><br><span>   }</span><br><span>    return res;</span><br><span> }</span><br><span>@@ -8532,22 +8520,12 @@</span><br><span>           }</span><br><span>    }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-   if (!(ies->authmethods & (IAX_AUTH_MD5 | IAX_AUTH_PLAINTEXT)) && (ies->authmethods & IAX_AUTH_RSA) && ast_strlen_zero(okey)) {</span><br><span style="color: hsl(0, 100%, 40%);">-            /* If the only thing available is RSA, and we don't have an outkey, we can't do it... */</span><br><span style="color: hsl(0, 100%, 40%);">-                ast_log(LOG_WARNING, "Call terminated. 
RSA authentication requires an outkey\n");</span><br><span style="color: hsl(0, 100%, 40%);">-             return -1;</span><br><span style="color: hsl(0, 100%, 40%);">-      }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span>    if (ies->encmethods) {</span><br><span>            if (ast_strlen_zero(p->secret) &&</span><br><span>                         ((ies->authmethods & IAX_AUTH_RSA) || (ies->authmethods & IAX_AUTH_MD5) || (ies->authmethods & IAX_AUTH_PLAINTEXT))) {</span><br><span>                  ast_log(LOG_WARNING, "Call terminated. Encryption requested by peer but no secret available locally\n");</span><br><span>                   return -1;</span><br><span>           }</span><br><span style="color: hsl(0, 100%, 40%);">-               /* Don't even THINK about trying to encrypt or decrypt anything if we don't have valid keys, for some reason... */</span><br><span style="color: hsl(0, 100%, 40%);">-              /* If either of these happens, it's our fault, not the user's. But we should abort rather than crash. */</span><br><span style="color: hsl(0, 100%, 40%);">-                ast_assert_return(!invalid_key(&p->ecx), -1);</span><br><span style="color: hsl(0, 100%, 40%);">-            ast_assert_return(!invalid_key(&p->dcx), -1);</span><br><span>                 ast_set_flag64(p, IAX_ENCRYPTED | IAX_KEYPOPULATED);</span><br><span>         } else if (ast_test_flag64(iaxs[callno], IAX_FORCE_ENCRYPT)) {</span><br><span>               ast_log(LOG_NOTICE, "Call initiated without encryption while forceencryption=yes option is set\n");</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/18730">change 18730</a>. 
</p>
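Review bot: In the first hunk (@@ -6379), the removed invalid_key() reads ecx->rd_key[i] directly with a hard-coded bound of 60, so it depends on the internal layout of the AES key structure, which fits the build regression given as the reason for this revert. If the crash fix is resubmitted, avoid inspecting key-schedule internals and instead record with an explicit flag whether build_encryption_keys() has run, rather than scanning the key schedule for non-zero words.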
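Review bot: In the second hunk (@@ -8447), the ast_log() level for "No way to send secret to peer" drops from LOG_WARNING back to LOG_NOTICE, which is unrelated to the OpenSSL build dependency given as the reason for the revert. The message marks an authentication attempt that cannot proceed with any of the peer's offered methods, so consider keeping LOG_WARNING so that it is not filtered out with routine notices. If the level change stays in the revert, mention it in the commit message.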
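Review bot: In the third hunk (@@ -8532), the removed RSA-only guard tests only ies->authmethods and ast_strlen_zero(okey) and does not call invalid_key(), so it does not appear to need OpenSSL. Removing it takes away the early "RSA authentication requires an outkey" return that the reverted commit's title ties to the crash. Consider a narrower revert that drops invalid_key() and the two ast_assert_return(!invalid_key(...)) lines but keeps this check, or state in the commit message that the crash fix will be resubmitted without the OpenSSL dependency.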

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: I08905574aa98a516e391ca9a4118be4be896ab96 </div>
<div style="display:none"> Gerrit-Change-Number: 18730 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Sean Bright <sean@seanbright.com> </div>