use the OpenSSL AES implementation if it's available (unless configured not to)

git-svn-id: http://svn.digium.com/svn/asterisk/trunk@66071 f38db490-d61c-443f-a65b-d21fe96a405b

3 files changed, 213 insertions, 142 deletions

diff --git a/include/asterisk/aes.h b/include/asterisk/aes.h
index af648e8ee..bf7996806 100644
--- a/include/asterisk/aes.h
+++ b/include/asterisk/aes.h
@@ -1,170 +1,65 @@
 /*
  * Asterisk -- An open source telephony toolkit.
  *
+ * Copyright (C) 20075, Digium, Inc.
+ *
+ * Kevin P. Fleming <kpfleming@digium.com>
+ *
  * See http://www.asterisk.org for more information about
  * the Asterisk project. Please do not directly contact
  * any of the maintainers of this project for assistance;
  * the project provides a web site, mailing lists and IRC
  * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
  */
 
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
- All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
-   1. distributions of this source code include the above copyright
-      notice, this list of conditions and the following disclaimer;
-
-   2. distributions in binary form include the above copyright
-      notice, this list of conditions and the following disclaimer
-      in the documentation and/or other associated materials;
-
-   3. the copyright holder's name is not used to endorse products
-      built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue Date: 26/08/2003
-*/
-/*!\file
-
- \brief This file contains the definitions required to use AES in C. See aesopt.h
- for optimisation details.
-*/
-
-#ifndef _AES_H
-#define _AES_H
-
-/*  This include is used to find 8 & 32 bit unsigned integer types  */
-#include "limits.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-#define AES_128     /* define if AES with 128 bit keys is needed    */
-#undef AES_192     /* define if AES with 192 bit keys is needed    */
-#undef AES_256     /* define if AES with 256 bit keys is needed    */
-#undef AES_VAR     /* define if a variable key size is needed      */
-
-/* The following must also be set in assembler files if being used  */
-
-#define AES_ENCRYPT /* if support for encryption is needed          */
-#define AES_DECRYPT /* if support for decryption is needed          */
-#define AES_ERR_CHK /* for parameter checks & error return codes    */
-
-#if UCHAR_MAX == 0xff                   /* an unsigned 8 bit type   */
-  typedef unsigned char      aes_08t;
-#else
-#error Please define aes_08t as an 8-bit unsigned integer type in aes.h
-#endif
-
-#if UINT_MAX == 0xffffffff              /* an unsigned 32 bit type  */
-  typedef   unsigned int     aes_32t;
-#elif ULONG_MAX == 0xffffffff
-  typedef   unsigned long    aes_32t;
-#else
-#error Please define aes_32t as a 32-bit unsigned integer type in aes.h
-#endif
-
-#define AES_BLOCK_SIZE  16  /* the AES block size in bytes          */
-#define N_COLS           4  /* the number of columns in the state   */
-
-/* a maximum of 60 32-bit words are needed for the key schedule but */
-/* 64 are claimed to allow space at the top for a CBC xor buffer.   */
-/* If this is not needed, this value can be reduced to 60. A value  */
-/* of 64 may also help in maintaining alignment in some situations  */
-#define KS_LENGTH       64
-
-#ifdef  AES_ERR_CHK
-#define aes_ret     int
-#define aes_good    0
-#define aes_error  -1
-#else
-#define aes_ret     void
-#endif
-
-#ifndef AES_DLL                 /* implement normal/DLL functions   */
-#define aes_rval    aes_ret
-#else
-#define aes_rval    aes_ret __declspec(dllexport) _stdcall
-#endif
+/*! \file
+ * \brief Wrappers for AES encryption/decryption
+ *
+ * These wrappers provided a generic interface to either the
+ * AES methods provided by OpenSSL's crypto library, or the
+ * AES implementation included with Asterisk.
+ */
 
-/* This routine must be called before first use if non-static       */
-/* tables are being used                                            */
+#ifndef _ASTERISK_AES_H
+#define _ASTERISK_AES_H
 
-void gen_tabs(void);
+#ifdef HAVE_CRYPTO
 
-/* The key length (klen) is input in bytes when it is in the range  */
-/* 16 <= klen <= 32 or in bits when in the range 128 <= klen <= 256 */
+/* Use the OpenSSL crypto library */
+#include "openssl/aes.h"
 
-#ifdef  AES_ENCRYPT
+typedef AES_KEY ast_aes_encrypt_key;
+typedef AES_KEY ast_aes_decrypt_key;
 
-typedef struct  
-{   aes_32t ks[KS_LENGTH];
-} aes_encrypt_ctx;
+#define ast_aes_encrypt_key(key, context) AES_set_encrypt_key(key, 1024, context)
 
-#if defined(AES_128) || defined(AES_VAR)
-aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]);
-#endif
+#define ast_aes_decrypt_key(key, context) AES_set_decrypt_key(key, 1024, context)
 
-#if defined(AES_192) || defined(AES_VAR)
-aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]);
-#endif
+#define ast_aes_encrypt(in, out, context) AES_encrypt(in, out, context)
 
-#if defined(AES_256) || defined(AES_VAR)
-aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]);
-#endif
+#define ast_aes_decrypt(in, out, context) AES_decrypt(in, out, context)
 
-#if defined(AES_VAR)
-aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]);
-#endif
-
-aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]);
-#endif
+#else /* !HAVE_CRYPTO */
 
-#ifdef AES_DECRYPT
+/* Use the included AES implementation */
 
-typedef struct  
-{   aes_32t ks[KS_LENGTH];
-} aes_decrypt_ctx;
+#include "aes_internal.h"
 
-#if defined(AES_128) || defined(AES_VAR)
-aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]);
-#endif
+typedef aes_encrypt_ctx ast_aes_encrypt_key;
+typedef aes_decrypt_ctx ast_aes_decrypt_key;
 
-#if defined(AES_192) || defined(AES_VAR)
-aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]);
-#endif
+#define ast_aes_encrypt_key(key, context) aes_encrypt_key128(key, context)
 
-#if defined(AES_256) || defined(AES_VAR)
-aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]);
-#endif
+#define ast_aes_decrypt_key(key, context) aes_decrypt_key128(key, context)
 
-#if defined(AES_VAR)
-aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]);
-#endif
+#define ast_aes_encrypt(in, out, context) aes_encrypt(in, out, context)
 
-aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]);
-#endif
+#define ast_aes_decrypt(in, out, context) aes_decrypt(in, out, context)
 
-#if defined(__cplusplus)
-}
-#endif
+#endif /* !HAVE_CRYPTO */
 
-#endif
+#endif /* _ASTERISK_AES_H */
diff --git a/include/asterisk/aes_internal.h b/include/asterisk/aes_internal.h
new file mode 100644
index 000000000..18c27a6d4
--- /dev/null
+++ b/include/asterisk/aes_internal.h
@@ -0,0 +1,170 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ */
+
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
+ All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+   1. distributions of this source code include the above copyright
+      notice, this list of conditions and the following disclaimer;
+
+   2. distributions in binary form include the above copyright
+      notice, this list of conditions and the following disclaimer
+      in the documentation and/or other associated materials;
+
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 26/08/2003
+*/
+/*!\file
+
+ \brief This file contains the definitions required to use AES in C. See aesopt.h
+ for optimisation details.
+*/
+
+#ifndef _AES_INTERNAL_H
+#define _AES_INTERNAL_H
+
+/*  This include is used to find 8 & 32 bit unsigned integer types  */
+#include "limits.h"
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+#define AES_128     /* define if AES with 128 bit keys is needed    */
+#undef AES_192     /* define if AES with 192 bit keys is needed    */
+#undef AES_256     /* define if AES with 256 bit keys is needed    */
+#undef AES_VAR     /* define if a variable key size is needed      */
+
+/* The following must also be set in assembler files if being used  */
+
+#define AES_ENCRYPT /* if support for encryption is needed          */
+#define AES_DECRYPT /* if support for decryption is needed          */
+#define AES_ERR_CHK /* for parameter checks & error return codes    */
+
+#if UCHAR_MAX == 0xff                   /* an unsigned 8 bit type   */
+  typedef unsigned char      aes_08t;
+#else
+#error Please define aes_08t as an 8-bit unsigned integer type in aes.h
+#endif
+
+#if UINT_MAX == 0xffffffff              /* an unsigned 32 bit type  */
+  typedef   unsigned int     aes_32t;
+#elif ULONG_MAX == 0xffffffff
+  typedef   unsigned long    aes_32t;
+#else
+#error Please define aes_32t as a 32-bit unsigned integer type in aes.h
+#endif
+
+#define AES_BLOCK_SIZE  16  /* the AES block size in bytes          */
+#define N_COLS           4  /* the number of columns in the state   */
+
+/* a maximum of 60 32-bit words are needed for the key schedule but */
+/* 64 are claimed to allow space at the top for a CBC xor buffer.   */
+/* If this is not needed, this value can be reduced to 60. A value  */
+/* of 64 may also help in maintaining alignment in some situations  */
+#define KS_LENGTH       64
+
+#ifdef  AES_ERR_CHK
+#define aes_ret     int
+#define aes_good    0
+#define aes_error  -1
+#else
+#define aes_ret     void
+#endif
+
+#ifndef AES_DLL                 /* implement normal/DLL functions   */
+#define aes_rval    aes_ret
+#else
+#define aes_rval    aes_ret __declspec(dllexport) _stdcall
+#endif
+
+/* This routine must be called before first use if non-static       */
+/* tables are being used                                            */
+
+void gen_tabs(void);
+
+/* The key length (klen) is input in bytes when it is in the range  */
+/* 16 <= klen <= 32 or in bits when in the range 128 <= klen <= 256 */
+
+#ifdef  AES_ENCRYPT
+
+typedef struct  
+{   aes_32t ks[KS_LENGTH];
+} aes_encrypt_ctx;
+
+#if defined(AES_128) || defined(AES_VAR)
+aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]);
+#endif
+
+#if defined(AES_192) || defined(AES_VAR)
+aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]);
+#endif
+
+#if defined(AES_256) || defined(AES_VAR)
+aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]);
+#endif
+
+#if defined(AES_VAR)
+aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]);
+#endif
+
+aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]);
+#endif
+
+#ifdef AES_DECRYPT
+
+typedef struct  
+{   aes_32t ks[KS_LENGTH];
+} aes_decrypt_ctx;
+
+#if defined(AES_128) || defined(AES_VAR)
+aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]);
+#endif
+
+#if defined(AES_192) || defined(AES_VAR)
+aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]);
+#endif
+
+#if defined(AES_256) || defined(AES_VAR)
+aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]);
+#endif
+
+#if defined(AES_VAR)
+aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]);
+#endif
+
+aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]);
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/include/asterisk/autoconfig.h.in b/include/asterisk/autoconfig.h.in
index 7481fa83e..915c0c7d8 100644
--- a/include/asterisk/autoconfig.h.in
+++ b/include/asterisk/autoconfig.h.in
@@ -77,6 +77,12 @@
 /* Define to 1 if your system has a working `chown' function. */
 #undef HAVE_CHOWN
 
+/* Define this to indicate the ${CRYPTO_DESCRIP} library */
+#undef HAVE_CRYPTO
+
+/* Define to indicate the ${CRYPTO_DESCRIP} library version */
+#undef HAVE_CRYPTO_VERSION
+
 /* Define if your system has the curl libraries. */
 #undef HAVE_CURL