diff --git a/build_tools/menuselect-deps.in b/build_tools/menuselect-deps.in index 9319b982d..196542fb4 100644 --- a/build_tools/menuselect-deps.in +++ b/build_tools/menuselect-deps.in @@ -26,6 +26,7 @@ SPEEX=@PBX_SPEEX@ SQLITE=@PBX_SQLITE@ SQLITE3=@PBX_SQLITE3@ SSL=@PBX_OPENSSL@ +CRYPTO=@PBX_CRYPTO@ TONEZONE=@PBX_TONEZONE@ UNIXODBC=@PBX_UNIXODBC@ VORBIS=@PBX_VORBIS@ diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c index a62d9fc90..cf93f6c5f 100644 --- a/channels/chan_iax2.c +++ b/channels/chan_iax2.c @@ -30,6 +30,7 @@ /*** MODULEINFO zaptel + crypto ***/ #include "asterisk.h" @@ -594,9 +595,9 @@ struct chan_iax2_pvt { /*! permitted encryption methods */ int encmethods; /*! Encryption AES-128 Key */ - aes_encrypt_ctx ecx; + ast_aes_encrypt_key ecx; /*! Decryption AES-128 Key */ - aes_decrypt_ctx dcx; + ast_aes_decrypt_key dcx; /*! 32 bytes of semi-random data */ unsigned char semirand[32]; /*! Associated registry */ @@ -615,8 +616,8 @@ struct chan_iax2_pvt { struct sockaddr_in transfer; /*! What's the new call number for the transfer */ unsigned short transfercallno; - /*! Transfer decrypt AES-128 Key */ - aes_encrypt_ctx tdcx; + /*! Transfer encrypt AES-128 Key */ + ast_aes_encrypt_key tdcx; /*! Status of knowledge of peer ADSI capability */ int peeradsicpe; @@ -3804,13 +3805,13 @@ static int iax2_trunk_queue(struct chan_iax2_pvt *pvt, struct iax_frame *fr) return 0; } -static void build_enc_keys(const unsigned char *digest, aes_encrypt_ctx *ecx, aes_decrypt_ctx *dcx) +static void build_enc_keys(const unsigned char *digest, ast_aes_encrypt_key *ecx, ast_aes_decrypt_key *dcx) { - aes_encrypt_key128(digest, ecx); - aes_decrypt_key128(digest, dcx); + ast_aes_encrypt_key(digest, ecx); + ast_aes_decrypt_key(digest, dcx); } -static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len, aes_decrypt_ctx *dcx) +static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len, ast_aes_decrypt_key *dcx) { #if 0 /* Debug with "fake encryption" */ @@ -3823,7 +3824,7 @@ static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len unsigned char lastblock[16] = { 0 }; int x; while(len > 0) { - aes_decrypt(src, dst, dcx); + ast_aes_decrypt(src, dst, dcx); for (x=0;x<16;x++) dst[x] ^= lastblock[x]; memcpy(lastblock, src, sizeof(lastblock)); @@ -3834,7 +3835,7 @@ static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len #endif } -static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len, aes_encrypt_ctx *ecx) +static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len, ast_aes_encrypt_key *ecx) { #if 0 /* Debug with "fake encryption" */ @@ -3849,7 +3850,7 @@ static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len while(len > 0) { for (x=0;x<16;x++) curblock[x] ^= src[x]; - aes_encrypt(curblock, dst, ecx); + ast_aes_encrypt(curblock, dst, ecx); memcpy(curblock, dst, sizeof(curblock)); dst += 16; src += 16; @@ -3858,7 +3859,7 @@ static void memcpy_encrypt(unsigned char *dst, const unsigned char *src, int len #endif } -static int decode_frame(aes_decrypt_ctx *dcx, struct ast_iax2_full_hdr *fh, struct ast_frame *f, int *datalen) +static int decode_frame(ast_aes_decrypt_key *dcx, struct ast_iax2_full_hdr *fh, struct ast_frame *f, int *datalen) { int padding; unsigned char *workspace; @@ -3903,7 +3904,7 @@ static int decode_frame(aes_decrypt_ctx *dcx, struct ast_iax2_full_hdr *fh, stru return 0; } -static int encrypt_frame(aes_encrypt_ctx *ecx, struct ast_iax2_full_hdr *fh, unsigned char *poo, int *datalen) +static int encrypt_frame(ast_aes_encrypt_key *ecx, struct ast_iax2_full_hdr *fh, unsigned char *poo, int *datalen) { int padding; unsigned char *workspace; @@ -5262,7 +5263,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies * } -static int authenticate(const char *challenge, const char *secret, const char *keyn, int authmethods, struct iax_ie_data *ied, struct sockaddr_in *sin, aes_encrypt_ctx *ecx, aes_decrypt_ctx *dcx) +static int authenticate(const char *challenge, const char *secret, const char *keyn, int authmethods, struct iax_ie_data *ied, struct sockaddr_in *sin, ast_aes_encrypt_key *ecx, ast_aes_decrypt_key *dcx) { int res = -1; int x; diff --git a/configure b/configure index f8d83207d..28fed023f 100755 --- a/configure +++ b/configure @@ -737,6 +737,10 @@ CURSES_LIB CURSES_INCLUDE CURSES_DIR PBX_CURSES +CRYPTO_LIB +CRYPTO_INCLUDE +CRYPTO_DIR +PBX_CRYPTO GNUTLS_LIB GNUTLS_INCLUDE GNUTLS_DIR @@ -1521,6 +1525,7 @@ Optional Packages: --with-cap=PATH use POSIX 1.e capabilities files in PATH --with-curl=PATH use cURL files in PATH --with-curses=PATH use curses files in PATH + --with-crypto=PATH use OpenSSL Cryptography Support files in PATH --with-gnutls=PATH use GNU TLS support (used for iksemel only) files in PATH --with-gsm=PATH use GSM files in PATH , or 'internal' @@ -7784,6 +7789,34 @@ PBX_CURSES=0 +CRYPTO_DESCRIP="OpenSSL Cryptography Support" +CRYPTO_OPTION="crypto" + +# Check whether --with-crypto was given. +if test "${with_crypto+set}" = set; then + withval=$with_crypto; +case ${withval} in + n|no) + USE_CRYPTO=no + ;; + y|ye|yes) + ac_mandatory_list="${ac_mandatory_list} CRYPTO" + ;; + *) + CRYPTO_DIR="${withval}" + ac_mandatory_list="${ac_mandatory_list} CRYPTO" + ;; +esac + +fi + +PBX_CRYPTO=0 + + + + + + GNUTLS_DESCRIP="GNU TLS support (used for iksemel only)" GNUTLS_OPTION="gnutls" @@ -29239,6 +29272,399 @@ fi +if test "x${PBX_CRYPTO}" != "x1" -a "${USE_CRYPTO}" != "no"; then + pbxlibdir="" + if test "x${CRYPTO_DIR}" != "x"; then + if test -d ${CRYPTO_DIR}/lib; then + pbxlibdir="-L${CRYPTO_DIR}/lib" + else + pbxlibdir="-L${CRYPTO_DIR}" + fi + fi + pbxfuncname="AES_encrypt" + if test "x${pbxfuncname}" = "x" ; then # empty lib, assume only headers + AST_CRYPTO_FOUND=yes + else + as_ac_Lib=`echo "ac_cv_lib_crypto_${pbxfuncname}" | $as_tr_sh` +{ echo "$as_me:$LINENO: checking for ${pbxfuncname} in -lcrypto" >&5 +echo $ECHO_N "checking for ${pbxfuncname} in -lcrypto... $ECHO_C" >&6; } +if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto ${pbxlibdir} $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char ${pbxfuncname} (); +int +main () +{ +return ${pbxfuncname} (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + eval "$as_ac_Lib=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + eval "$as_ac_Lib=no" +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +ac_res=`eval echo '${'$as_ac_Lib'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +if test `eval echo '${'$as_ac_Lib'}'` = yes; then + AST_CRYPTO_FOUND=yes +else + AST_CRYPTO_FOUND=no +fi + + fi + + if test "${AST_CRYPTO_FOUND}" = "yes"; then + CRYPTO_LIB="-lcrypto " + CRYPTO_HEADER_FOUND="1" + if test "x${CRYPTO_DIR}" != "x"; then + CRYPTO_LIB="${pbxlibdir} ${CRYPTO_LIB}" + CRYPTO_INCLUDE="-I${CRYPTO_DIR}/include" + saved_cppflags="${CPPFLAGS}" + CPPFLAGS="${CPPFLAGS} -I${CRYPTO_DIR}/include" + if test "xopenssl/aes.h" != "x" ; then + as_ac_Header=`echo "ac_cv_header_${CRYPTO_DIR}/include/openssl/aes.h" | $as_tr_sh` +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + { echo "$as_me:$LINENO: checking for ${CRYPTO_DIR}/include/openssl/aes.h" >&5 +echo $ECHO_N "checking for ${CRYPTO_DIR}/include/openssl/aes.h... $ECHO_C" >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +ac_res=`eval echo '${'$as_ac_Header'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +else + # Is the header compilable? +{ echo "$as_me:$LINENO: checking ${CRYPTO_DIR}/include/openssl/aes.h usability" >&5 +echo $ECHO_N "checking ${CRYPTO_DIR}/include/openssl/aes.h usability... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <${CRYPTO_DIR}/include/openssl/aes.h> +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6; } + +# Is the header present? +{ echo "$as_me:$LINENO: checking ${CRYPTO_DIR}/include/openssl/aes.h presence" >&5 +echo $ECHO_N "checking ${CRYPTO_DIR}/include/openssl/aes.h presence... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <${CRYPTO_DIR}/include/openssl/aes.h> +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: present but cannot be compiled" >&5 +echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: ${CRYPTO_DIR}/include/openssl/aes.h: in the future, the compiler will take precedence" >&2;} + + ;; +esac +{ echo "$as_me:$LINENO: checking for ${CRYPTO_DIR}/include/openssl/aes.h" >&5 +echo $ECHO_N "checking for ${CRYPTO_DIR}/include/openssl/aes.h... $ECHO_C" >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +ac_res=`eval echo '${'$as_ac_Header'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + CRYPTO_HEADER_FOUND=1 +else + CRYPTO_HEADER_FOUND=0 +fi + + + fi + CPPFLAGS="${saved_cppflags}" + else + if test "xopenssl/aes.h" != "x" ; then + if test "${ac_cv_header_openssl_aes_h+set}" = set; then + { echo "$as_me:$LINENO: checking for openssl/aes.h" >&5 +echo $ECHO_N "checking for openssl/aes.h... $ECHO_C" >&6; } +if test "${ac_cv_header_openssl_aes_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +{ echo "$as_me:$LINENO: result: $ac_cv_header_openssl_aes_h" >&5 +echo "${ECHO_T}$ac_cv_header_openssl_aes_h" >&6; } +else + # Is the header compilable? +{ echo "$as_me:$LINENO: checking openssl/aes.h usability" >&5 +echo $ECHO_N "checking openssl/aes.h usability... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6; } + +# Is the header present? +{ echo "$as_me:$LINENO: checking openssl/aes.h presence" >&5 +echo $ECHO_N "checking openssl/aes.h presence... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: openssl/aes.h: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: openssl/aes.h: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: openssl/aes.h: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: openssl/aes.h: present but cannot be compiled" >&5 +echo "$as_me: WARNING: openssl/aes.h: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: openssl/aes.h: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: openssl/aes.h: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: openssl/aes.h: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: openssl/aes.h: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: openssl/aes.h: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: openssl/aes.h: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: openssl/aes.h: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: openssl/aes.h: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: openssl/aes.h: in the future, the compiler will take precedence" >&2;} + + ;; +esac +{ echo "$as_me:$LINENO: checking for openssl/aes.h" >&5 +echo $ECHO_N "checking for openssl/aes.h... $ECHO_C" >&6; } +if test "${ac_cv_header_openssl_aes_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_header_openssl_aes_h=$ac_header_preproc +fi +{ echo "$as_me:$LINENO: result: $ac_cv_header_openssl_aes_h" >&5 +echo "${ECHO_T}$ac_cv_header_openssl_aes_h" >&6; } + +fi +if test $ac_cv_header_openssl_aes_h = yes; then + CRYPTO_HEADER_FOUND=1 +else + CRYPTO_HEADER_FOUND=0 +fi + + + fi + fi + if test "x${CRYPTO_HEADER_FOUND}" = "x0" ; then + CRYPTO_LIB="" + CRYPTO_INCLUDE="" + else + if test "x${pbxfuncname}" = "x" ; then # only checking headers -> no library + CRYPTO_LIB="" + fi + PBX_CRYPTO=1 + # XXX don't know how to evaluate the description (third argument) in AC_DEFINE_UNQUOTED + +cat >>confdefs.h <<_ACEOF +#define HAVE_CRYPTO 1 +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define HAVE_CRYPTO_VERSION +_ACEOF + + fi + fi +fi + + +if test "${PBX_CRYPTO}" != "0"; +then + if test "x${PBX_OPENSSL}" != "x1" -a "${USE_OPENSSL}" != "no"; then pbxlibdir="" if test "x${OPENSSL_DIR}" != "x"; then @@ -29628,6 +30054,7 @@ _ACEOF fi fi +fi if test "x${PBX_FREETDS}" != "x1" -a "${USE_FREETDS}" != "no"; then @@ -35694,6 +36121,10 @@ CURSES_LIB!$CURSES_LIB$ac_delim CURSES_INCLUDE!$CURSES_INCLUDE$ac_delim CURSES_DIR!$CURSES_DIR$ac_delim PBX_CURSES!$PBX_CURSES$ac_delim +CRYPTO_LIB!$CRYPTO_LIB$ac_delim +CRYPTO_INCLUDE!$CRYPTO_INCLUDE$ac_delim +CRYPTO_DIR!$CRYPTO_DIR$ac_delim +PBX_CRYPTO!$PBX_CRYPTO$ac_delim GNUTLS_LIB!$GNUTLS_LIB$ac_delim GNUTLS_INCLUDE!$GNUTLS_INCLUDE$ac_delim GNUTLS_DIR!$GNUTLS_DIR$ac_delim @@ -35766,10 +36197,6 @@ PRI_LIB!$PRI_LIB$ac_delim PRI_INCLUDE!$PRI_INCLUDE$ac_delim PRI_DIR!$PRI_DIR$ac_delim PBX_PRI!$PBX_PRI$ac_delim -SS7_LIB!$SS7_LIB$ac_delim -SS7_INCLUDE!$SS7_INCLUDE$ac_delim -SS7_DIR!$SS7_DIR$ac_delim -PBX_SS7!$PBX_SS7$ac_delim _ACEOF if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then @@ -35811,6 +36238,10 @@ _ACEOF ac_delim='%!_!# ' for ac_last_try in false false false false false :; do cat >conf$$subs.sed <<_ACEOF +SS7_LIB!$SS7_LIB$ac_delim +SS7_INCLUDE!$SS7_INCLUDE$ac_delim +SS7_DIR!$SS7_DIR$ac_delim +PBX_SS7!$PBX_SS7$ac_delim PWLIB_LIB!$PWLIB_LIB$ac_delim PWLIB_INCLUDE!$PWLIB_INCLUDE$ac_delim PWLIB_DIR!$PWLIB_DIR$ac_delim @@ -35904,10 +36335,6 @@ PWLIB_LIBDIR!$PWLIB_LIBDIR$ac_delim PWLIB_PLATFORM!$PWLIB_PLATFORM$ac_delim OPENH323DIR!$OPENH323DIR$ac_delim OPENH323_INCDIR!$OPENH323_INCDIR$ac_delim -OPENH323_LIBDIR!$OPENH323_LIBDIR$ac_delim -OPENH323_SUFFIX!$OPENH323_SUFFIX$ac_delim -OPENH323_BUILD!$OPENH323_BUILD$ac_delim -QTMOC!$QTMOC$ac_delim _ACEOF if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then @@ -35949,6 +36376,10 @@ _ACEOF ac_delim='%!_!# ' for ac_last_try in false false false false false :; do cat >conf$$subs.sed <<_ACEOF +OPENH323_LIBDIR!$OPENH323_LIBDIR$ac_delim +OPENH323_SUFFIX!$OPENH323_SUFFIX$ac_delim +OPENH323_BUILD!$OPENH323_BUILD$ac_delim +QTMOC!$QTMOC$ac_delim EDITLINE_LIB!$EDITLINE_LIB$ac_delim PBX_H323!$PBX_H323$ac_delim PBX_IXJUSER!$PBX_IXJUSER$ac_delim @@ -35964,7 +36395,7 @@ CURL_CONFIG!$CURL_CONFIG$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 13; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 17; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 diff --git a/configure.ac b/configure.ac index bdb814c40..185eb3d3e 100644 --- a/configure.ac +++ b/configure.ac @@ -186,6 +186,7 @@ AST_EXT_LIB_SETUP([BKTR], [Stack Backtrace support], [execinfo]) AST_EXT_LIB_SETUP([CAP], [POSIX 1.e capabilities], [cap]) AST_EXT_LIB_SETUP([CURL], [cURL], [curl]) AST_EXT_LIB_SETUP([CURSES], [curses], [curses]) +AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography Support], [crypto]) AST_EXT_LIB_SETUP([GNUTLS], [GNU TLS support (used for iksemel only)], [gnutls]) AST_EXT_LIB_SETUP([GSM], [GSM], [gsm], [, or 'internal']) AST_EXT_LIB_SETUP([IKSEMEL], [Iksemel Jabber Library], [iksemel]) @@ -846,7 +847,12 @@ AST_EXT_LIB_CHECK([SQLITE], [sqlite], [sqlite_exec], [sqlite.h]) AST_EXT_LIB_CHECK([SQLITE3], [sqlite3], [sqlite3_open], [sqlite3.h]) -AST_EXT_LIB_CHECK([OPENSSL], [ssl], [ssl2_connect], [openssl/ssl.h], [-lcrypto]) +AST_EXT_LIB_CHECK([CRYPTO], [crypto], [AES_encrypt], [openssl/aes.h]) + +if test "${PBX_CRYPTO}" != "0"; +then + AST_EXT_LIB_CHECK([OPENSSL], [ssl], [ssl2_connect], [openssl/ssl.h], [-lcrypto]) +fi AST_EXT_LIB_CHECK([FREETDS], [tds], [tds_version], [tds.h]) if test "${PBX_FREETDS}" != "0"; diff --git a/include/asterisk/aes.h b/include/asterisk/aes.h index af648e8ee..bf7996806 100644 --- a/include/asterisk/aes.h +++ b/include/asterisk/aes.h @@ -1,170 +1,65 @@ /* * Asterisk -- An open source telephony toolkit. * + * Copyright (C) 20075, Digium, Inc. + * + * Kevin P. Fleming + * * See http://www.asterisk.org for more information about * the Asterisk project. Please do not directly contact * any of the maintainers of this project for assistance; * the project provides a web site, mailing lists and IRC * channels for your use. + * + * This program is free software, distributed under the terms of + * the GNU General Public License Version 2. See the LICENSE file + * at the top of the source tree. */ -/* - --------------------------------------------------------------------------- - Copyright (c) 2003, Dr Brian Gladman , Worcester, UK. - All rights reserved. +/*! \file + * \brief Wrappers for AES encryption/decryption + * + * These wrappers provided a generic interface to either the + * AES methods provided by OpenSSL's crypto library, or the + * AES implementation included with Asterisk. + */ - LICENSE TERMS +#ifndef _ASTERISK_AES_H +#define _ASTERISK_AES_H - The free distribution and use of this software in both source and binary - form is allowed (with or without changes) provided that: +#ifdef HAVE_CRYPTO - 1. distributions of this source code include the above copyright - notice, this list of conditions and the following disclaimer; +/* Use the OpenSSL crypto library */ +#include "openssl/aes.h" - 2. distributions in binary form include the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other associated materials; +typedef AES_KEY ast_aes_encrypt_key; +typedef AES_KEY ast_aes_decrypt_key; - 3. the copyright holder's name is not used to endorse products - built using this software without specific written permission. +#define ast_aes_encrypt_key(key, context) AES_set_encrypt_key(key, 1024, context) - ALTERNATIVELY, provided that this notice is retained in full, this product - may be distributed under the terms of the GNU General Public License (GPL), - in which case the provisions of the GPL apply INSTEAD OF those given above. +#define ast_aes_decrypt_key(key, context) AES_set_decrypt_key(key, 1024, context) - DISCLAIMER +#define ast_aes_encrypt(in, out, context) AES_encrypt(in, out, context) - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 26/08/2003 -*/ -/*!\file +#define ast_aes_decrypt(in, out, context) AES_decrypt(in, out, context) - \brief This file contains the definitions required to use AES in C. See aesopt.h - for optimisation details. -*/ +#else /* !HAVE_CRYPTO */ -#ifndef _AES_H -#define _AES_H +/* Use the included AES implementation */ -/* This include is used to find 8 & 32 bit unsigned integer types */ -#include "limits.h" +#include "aes_internal.h" -#if defined(__cplusplus) -extern "C" -{ -#endif +typedef aes_encrypt_ctx ast_aes_encrypt_key; +typedef aes_decrypt_ctx ast_aes_decrypt_key; -#define AES_128 /* define if AES with 128 bit keys is needed */ -#undef AES_192 /* define if AES with 192 bit keys is needed */ -#undef AES_256 /* define if AES with 256 bit keys is needed */ -#undef AES_VAR /* define if a variable key size is needed */ +#define ast_aes_encrypt_key(key, context) aes_encrypt_key128(key, context) -/* The following must also be set in assembler files if being used */ +#define ast_aes_decrypt_key(key, context) aes_decrypt_key128(key, context) -#define AES_ENCRYPT /* if support for encryption is needed */ -#define AES_DECRYPT /* if support for decryption is needed */ -#define AES_ERR_CHK /* for parameter checks & error return codes */ +#define ast_aes_encrypt(in, out, context) aes_encrypt(in, out, context) -#if UCHAR_MAX == 0xff /* an unsigned 8 bit type */ - typedef unsigned char aes_08t; -#else -#error Please define aes_08t as an 8-bit unsigned integer type in aes.h -#endif +#define ast_aes_decrypt(in, out, context) aes_decrypt(in, out, context) -#if UINT_MAX == 0xffffffff /* an unsigned 32 bit type */ - typedef unsigned int aes_32t; -#elif ULONG_MAX == 0xffffffff - typedef unsigned long aes_32t; -#else -#error Please define aes_32t as a 32-bit unsigned integer type in aes.h -#endif +#endif /* !HAVE_CRYPTO */ -#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */ -#define N_COLS 4 /* the number of columns in the state */ - -/* a maximum of 60 32-bit words are needed for the key schedule but */ -/* 64 are claimed to allow space at the top for a CBC xor buffer. */ -/* If this is not needed, this value can be reduced to 60. A value */ -/* of 64 may also help in maintaining alignment in some situations */ -#define KS_LENGTH 64 - -#ifdef AES_ERR_CHK -#define aes_ret int -#define aes_good 0 -#define aes_error -1 -#else -#define aes_ret void -#endif - -#ifndef AES_DLL /* implement normal/DLL functions */ -#define aes_rval aes_ret -#else -#define aes_rval aes_ret __declspec(dllexport) _stdcall -#endif - -/* This routine must be called before first use if non-static */ -/* tables are being used */ - -void gen_tabs(void); - -/* The key length (klen) is input in bytes when it is in the range */ -/* 16 <= klen <= 32 or in bits when in the range 128 <= klen <= 256 */ - -#ifdef AES_ENCRYPT - -typedef struct -{ aes_32t ks[KS_LENGTH]; -} aes_encrypt_ctx; - -#if defined(AES_128) || defined(AES_VAR) -aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]); -#endif - -#if defined(AES_192) || defined(AES_VAR) -aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]); -#endif - -#if defined(AES_256) || defined(AES_VAR) -aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]); -#endif - -#if defined(AES_VAR) -aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]); -#endif - -aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]); -#endif - -#ifdef AES_DECRYPT - -typedef struct -{ aes_32t ks[KS_LENGTH]; -} aes_decrypt_ctx; - -#if defined(AES_128) || defined(AES_VAR) -aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]); -#endif - -#if defined(AES_192) || defined(AES_VAR) -aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]); -#endif - -#if defined(AES_256) || defined(AES_VAR) -aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]); -#endif - -#if defined(AES_VAR) -aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]); -#endif - -aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]); -#endif - -#if defined(__cplusplus) -} -#endif - -#endif +#endif /* _ASTERISK_AES_H */ diff --git a/include/asterisk/aes_internal.h b/include/asterisk/aes_internal.h new file mode 100644 index 000000000..18c27a6d4 --- /dev/null +++ b/include/asterisk/aes_internal.h @@ -0,0 +1,170 @@ +/* + * Asterisk -- An open source telephony toolkit. + * + * See http://www.asterisk.org for more information about + * the Asterisk project. Please do not directly contact + * any of the maintainers of this project for assistance; + * the project provides a web site, mailing lists and IRC + * channels for your use. + */ + +/* + --------------------------------------------------------------------------- + Copyright (c) 2003, Dr Brian Gladman , Worcester, UK. + All rights reserved. + + LICENSE TERMS + + The free distribution and use of this software in both source and binary + form is allowed (with or without changes) provided that: + + 1. distributions of this source code include the above copyright + notice, this list of conditions and the following disclaimer; + + 2. distributions in binary form include the above copyright + notice, this list of conditions and the following disclaimer + in the documentation and/or other associated materials; + + 3. the copyright holder's name is not used to endorse products + built using this software without specific written permission. + + ALTERNATIVELY, provided that this notice is retained in full, this product + may be distributed under the terms of the GNU General Public License (GPL), + in which case the provisions of the GPL apply INSTEAD OF those given above. + + DISCLAIMER + + This software is provided 'as is' with no explicit or implied warranties + in respect of its properties, including, but not limited to, correctness + and/or fitness for purpose. + --------------------------------------------------------------------------- + Issue Date: 26/08/2003 +*/ +/*!\file + + \brief This file contains the definitions required to use AES in C. See aesopt.h + for optimisation details. +*/ + +#ifndef _AES_INTERNAL_H +#define _AES_INTERNAL_H + +/* This include is used to find 8 & 32 bit unsigned integer types */ +#include "limits.h" + +#if defined(__cplusplus) +extern "C" +{ +#endif + +#define AES_128 /* define if AES with 128 bit keys is needed */ +#undef AES_192 /* define if AES with 192 bit keys is needed */ +#undef AES_256 /* define if AES with 256 bit keys is needed */ +#undef AES_VAR /* define if a variable key size is needed */ + +/* The following must also be set in assembler files if being used */ + +#define AES_ENCRYPT /* if support for encryption is needed */ +#define AES_DECRYPT /* if support for decryption is needed */ +#define AES_ERR_CHK /* for parameter checks & error return codes */ + +#if UCHAR_MAX == 0xff /* an unsigned 8 bit type */ + typedef unsigned char aes_08t; +#else +#error Please define aes_08t as an 8-bit unsigned integer type in aes.h +#endif + +#if UINT_MAX == 0xffffffff /* an unsigned 32 bit type */ + typedef unsigned int aes_32t; +#elif ULONG_MAX == 0xffffffff + typedef unsigned long aes_32t; +#else +#error Please define aes_32t as a 32-bit unsigned integer type in aes.h +#endif + +#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */ +#define N_COLS 4 /* the number of columns in the state */ + +/* a maximum of 60 32-bit words are needed for the key schedule but */ +/* 64 are claimed to allow space at the top for a CBC xor buffer. */ +/* If this is not needed, this value can be reduced to 60. A value */ +/* of 64 may also help in maintaining alignment in some situations */ +#define KS_LENGTH 64 + +#ifdef AES_ERR_CHK +#define aes_ret int +#define aes_good 0 +#define aes_error -1 +#else +#define aes_ret void +#endif + +#ifndef AES_DLL /* implement normal/DLL functions */ +#define aes_rval aes_ret +#else +#define aes_rval aes_ret __declspec(dllexport) _stdcall +#endif + +/* This routine must be called before first use if non-static */ +/* tables are being used */ + +void gen_tabs(void); + +/* The key length (klen) is input in bytes when it is in the range */ +/* 16 <= klen <= 32 or in bits when in the range 128 <= klen <= 256 */ + +#ifdef AES_ENCRYPT + +typedef struct +{ aes_32t ks[KS_LENGTH]; +} aes_encrypt_ctx; + +#if defined(AES_128) || defined(AES_VAR) +aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]); +#endif + +#if defined(AES_192) || defined(AES_VAR) +aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]); +#endif + +#if defined(AES_256) || defined(AES_VAR) +aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]); +#endif + +#if defined(AES_VAR) +aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]); +#endif + +aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]); +#endif + +#ifdef AES_DECRYPT + +typedef struct +{ aes_32t ks[KS_LENGTH]; +} aes_decrypt_ctx; + +#if defined(AES_128) || defined(AES_VAR) +aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]); +#endif + +#if defined(AES_192) || defined(AES_VAR) +aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]); +#endif + +#if defined(AES_256) || defined(AES_VAR) +aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]); +#endif + +#if defined(AES_VAR) +aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]); +#endif + +aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]); +#endif + +#if defined(__cplusplus) +} +#endif + +#endif diff --git a/include/asterisk/autoconfig.h.in b/include/asterisk/autoconfig.h.in index 7481fa83e..915c0c7d8 100644 --- a/include/asterisk/autoconfig.h.in +++ b/include/asterisk/autoconfig.h.in @@ -77,6 +77,12 @@ /* Define to 1 if your system has a working `chown' function. */ #undef HAVE_CHOWN +/* Define this to indicate the ${CRYPTO_DESCRIP} library */ +#undef HAVE_CRYPTO + +/* Define to indicate the ${CRYPTO_DESCRIP} library version */ +#undef HAVE_CRYPTO_VERSION + /* Define if your system has the curl libraries. */ #undef HAVE_CURL diff --git a/main/aescrypt.c b/main/aescrypt.c index 1ccddf3f5..7b34809bb 100644 --- a/main/aescrypt.c +++ b/main/aescrypt.c @@ -42,13 +42,15 @@ * \author Dr Brian Gladman */ -#include "aesopt.h" - #if defined(__cplusplus) extern "C" { #endif +#ifndef HAVE_CRYPTO + +#include "aesopt.h" + #define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c]) #define so(y,x,c) word_out(y, c, s(x,c)) @@ -312,6 +314,8 @@ aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx #endif +#endif /* !HAVE_CRYPTO */ + #if defined(__cplusplus) } #endif diff --git a/main/aeskey.c b/main/aeskey.c index d34badc6b..cd0c7faf8 100644 --- a/main/aeskey.c +++ b/main/aeskey.c @@ -41,13 +41,15 @@ * \author Dr Brian Gladman */ -#include "aesopt.h" - #if defined(__cplusplus) extern "C" { #endif +#ifndef HAVE_CRYPTO + +#include "aesopt.h" + /* Initialise the key schedule from the user supplied key. The key length can be specified in bytes, with legal values of 16, 24 and 32, or in bits, with legal values of 128, 192 and 256. These @@ -464,6 +466,8 @@ aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]) #endif +#endif /* !HAVE_CRYPTO */ + #if defined(__cplusplus) } #endif diff --git a/main/aestab.c b/main/aestab.c index c84a480af..b134d22d8 100644 --- a/main/aestab.c +++ b/main/aestab.c @@ -37,6 +37,8 @@ extern "C" { #endif +#ifndef HAVE_CRYPTO + #define DO_TABLES #include "aesopt.h" @@ -226,6 +228,8 @@ void gen_tabs(void) #endif +#endif /* !HAVE_CRYPTO */ + #if defined(__cplusplus) } #endif diff --git a/makeopts.in b/makeopts.in index 1bfb8789c..e2aeda7cd 100644 --- a/makeopts.in +++ b/makeopts.in @@ -151,6 +151,9 @@ SQLITE3_LIB=@SQLITE3_LIB@ SSL_INCLUDE=@OPENSSL_INCLUDE@ SSL_LIB=@OPENSSL_LIB@ +CRYPTO_INCLUDE=@CRYPTO_INCLUDE@ +CRYPTO_LIB=@CRYPTO_LIB@ + TONEZONE_INCLUDE=@TONEZONE_INCLUDE@ TONEZONE_LIB=@TONEZONE_LIB@ diff --git a/pbx/pbx_dundi.c b/pbx/pbx_dundi.c index 685711170..fd265f496 100644 --- a/pbx/pbx_dundi.c +++ b/pbx/pbx_dundi.c @@ -24,6 +24,7 @@ /*** MODULEINFO zlib + crypto ***/ #include "asterisk.h" @@ -173,8 +174,8 @@ struct dundi_transaction { int eidcount; /*!< Number of eids in eids */ dundi_eid us_eid; /*!< Our EID, to them */ dundi_eid them_eid; /*!< Their EID, to us */ - aes_encrypt_ctx ecx; /*!< AES 128 Encryption context */ - aes_decrypt_ctx dcx; /*!< AES 128 Decryption context */ + ast_aes_encrypt_key ecx; /*!< AES 128 Encryption context */ + ast_aes_decrypt_key dcx; /*!< AES 128 Decryption context */ unsigned int flags; /*!< Has final packet been sent */ int ttl; /*!< Remaining TTL for queries on this one */ int thread; /*!< We have a calling thread */ @@ -240,11 +241,11 @@ struct dundi_peer { unsigned char txenckey[256]; /*!< Transmitted encrypted key + sig */ unsigned char rxenckey[256]; /*!< Cache received encrypted key + sig */ unsigned long us_keycrc32; /*!< CRC-32 of our key */ - aes_encrypt_ctx us_ecx; /*!< Cached AES 128 Encryption context */ - aes_decrypt_ctx us_dcx; /*!< Cached AES 128 Decryption context */ + ast_aes_encrypt_key us_ecx; /*!< Cached AES 128 Encryption context */ + ast_aes_decrypt_key us_dcx; /*!< Cached AES 128 Decryption context */ unsigned long them_keycrc32; /*!< CRC-32 of our key */ - aes_encrypt_ctx them_ecx; /*!< Cached AES 128 Encryption context */ - aes_decrypt_ctx them_dcx; /*!< Cached AES 128 Decryption context */ + ast_aes_encrypt_key them_ecx; /*!< Cached AES 128 Encryption context */ + ast_aes_decrypt_key them_dcx; /*!< Cached AES 128 Decryption context */ time_t keyexpire; /*!< When to expire/recreate key */ int registerexpire; int lookuptimes[DUNDI_TIMING_HISTORY]; @@ -1300,8 +1301,8 @@ static int update_key(struct dundi_peer *peer) int res; if (!peer->keyexpire || (peer->keyexpire < time(NULL))) { build_iv(key); - aes_encrypt_key128(key, &peer->us_ecx); - aes_decrypt_key128(key, &peer->us_dcx); + ast_aes_encrypt_key(key, &peer->us_ecx); + ast_aes_decrypt_key(key, &peer->us_dcx); ekey = ast_key_get(peer->inkey, AST_KEY_PUBLIC); if (!ekey) { ast_log(LOG_NOTICE, "No such key '%s' for creating RSA encrypted shared key for '%s'!\n", @@ -1331,7 +1332,7 @@ static int update_key(struct dundi_peer *peer) return 0; } -static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, aes_encrypt_ctx *ecx) +static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, ast_aes_encrypt_key *ecx) { unsigned char curblock[16]; int x; @@ -1339,7 +1340,7 @@ static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsig while(len > 0) { for (x=0;x<16;x++) curblock[x] ^= src[x]; - aes_encrypt(curblock, dst, ecx); + ast_aes_encrypt(curblock, dst, ecx); memcpy(curblock, dst, sizeof(curblock)); dst += 16; src += 16; @@ -1347,13 +1348,13 @@ static int encrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsig } return 0; } -static int decrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, aes_decrypt_ctx *dcx) +static int decrypt_memcpy(unsigned char *dst, unsigned char *src, int len, unsigned char *iv, ast_aes_decrypt_key *dcx) { unsigned char lastblock[16]; int x; memcpy(lastblock, iv, sizeof(lastblock)); while(len > 0) { - aes_decrypt(src, dst, dcx); + ast_aes_decrypt(src, dst, dcx); for (x=0;x<16;x++) dst[x] ^= lastblock[x]; memcpy(lastblock, src, sizeof(lastblock)); @@ -1507,8 +1508,8 @@ static int check_key(struct dundi_peer *peer, unsigned char *newkey, unsigned ch memcpy(peer->rxenckey, newkey, 128); memcpy(peer->rxenckey + 128, newsig, 128); peer->them_keycrc32 = crc32(0L, peer->rxenckey, 128); - aes_decrypt_key128(dst, &peer->them_dcx); - aes_encrypt_key128(dst, &peer->them_ecx); + ast_aes_decrypt_key(dst, &peer->them_dcx); + ast_aes_encrypt_key(dst, &peer->them_ecx); return 1; }