diff options
| -rwxr-xr-x | Makefile | 7 | ||||
| -rwxr-xr-x | cryptostub.c | 81 | ||||
| -rwxr-xr-x | include/asterisk/crypto.h | 21 | ||||
| -rwxr-xr-x | res/res_crypto.c | 25 |
4 files changed, 111 insertions, 23 deletions
@@ -51,6 +51,10 @@ OPTIMIZE+=-O6 #Include debug symbols in the executables (-g) and profiling info (-pg) DEBUG=-g #-pg +#Set NOCRYPTO to yes if you do not want to have crypto support or +#dependencies +#NOCRYPTO=yes + # If you are running a radio application, define RADIO_RELAX so that the DTMF # will be received more reliably #OPTIONS += -DRADIO_RELAX @@ -299,7 +303,8 @@ OBJS=io.o sched.o logger.o frame.o loader.o config.o channel.o \ dsp.o chanvars.o indications.o autoservice.o db.o privacy.o \ astmm.o enum.o srv.o dns.o aescrypt.o aestab.o aeskey.o \ utils.o plc.o jitterbuf.o dnsmgr.o devicestate.o \ - netsock.o slinfactory.o ast_expr2.o ast_expr2f.o + netsock.o slinfactory.o ast_expr2.o ast_expr2f.o \ + cryptostub.o ifeq ($(wildcard $(CROSS_COMPILE_TARGET)/usr/include/sys/poll.h),) OBJS+= poll.o diff --git a/cryptostub.c b/cryptostub.c new file mode 100755 index 000000000..b8f192868 --- /dev/null +++ b/cryptostub.c @@ -0,0 +1,81 @@ +/* + * Asterisk -- An open source telephony toolkit. + * + * Copyright (C) 1999 - 2005, Digium, Inc. + * + * Mark Spencer <markster@digium.com> + * + * See http://www.asterisk.org for more information about + * the Asterisk project. Please do not directly contact + * any of the maintainers of this project for assistance; + * the project provides a web site, mailing lists and IRC + * channels for your use. + * + * This program is free software, distributed under the terms of + * the GNU General Public License Version 2. See the LICENSE file + * at the top of the source tree. + */ + +#include <asterisk/crypto.h> + + +/* Hrm, I wonder if the compiler is smart enough to only create two functions + for all these... I could force it to only make two, but those would be some + really nasty looking casts. */ + +static struct ast_key *stub_ast_key_get(const char *kname, int ktype) +{ + ast_log(LOG_NOTICE, "Crypto support not loaded!\n"); + return NULL; +} + +static int stub_ast_check_signature(struct ast_key *key, const char *msg, const char *sig) +{ + ast_log(LOG_NOTICE, "Crypto support not loaded!\n"); + return -1; +} + +static int stub_ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *sig) +{ + ast_log(LOG_NOTICE, "Crypto support not loaded!\n"); + return -1; +} + +static int stub_ast_sign(struct ast_key *key, char *msg, char *sig) +{ + ast_log(LOG_NOTICE, "Crypto support not loaded!\n"); + return -1; +} + +static int stub_ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *sig) +{ + ast_log(LOG_NOTICE, "Crypto support not loaded!\n"); + return -1; +} + +static int stub_ast_encdec_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) +{ + ast_log(LOG_NOTICE, "Crypto support not loaded!\n"); + return -1; +} + +struct ast_key *(*ast_key_get)(const char *key, int type) = + stub_ast_key_get; + +int (*ast_check_signature)(struct ast_key *key, const char *msg, const char *sig) = + stub_ast_check_signature; + +int (*ast_check_signature_bin)(struct ast_key *key, const char *msg, int msglen, const unsigned char *sig) = + stub_ast_check_signature_bin; + +int (*ast_sign)(struct ast_key *key, char *msg, char *sig) = + stub_ast_sign; + +int (*ast_sign_bin)(struct ast_key *key, const char *msg, int msglen, unsigned char *sig) = + stub_ast_sign_bin; + +int (*ast_encrypt_bin)(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) = + stub_ast_encdec_bin; + +int (*ast_decrypt_bin)(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) = + stub_ast_encdec_bin; diff --git a/include/asterisk/crypto.h b/include/asterisk/crypto.h index 69010714c..7d86da16d 100755 --- a/include/asterisk/crypto.h +++ b/include/asterisk/crypto.h @@ -42,14 +42,7 @@ struct ast_key; * * Returns the key on success or NULL on failure */ -extern struct ast_key *ast_key_get(char *key, int type); - -/*! Initialize keys (that is, retrieve pass codes for all private keys) */ -/*! - * \param fd a file descriptor for I/O for passwords - * - */ -extern int ast_key_init(int fd); +extern struct ast_key *(*ast_key_get)(const char *key, int type); /*! Check the authenticity of a message signature using a given public key */ /*! @@ -60,7 +53,7 @@ extern int ast_key_init(int fd); * Returns 0 if the signature is valid, or -1 otherwise * */ -extern int ast_check_signature(struct ast_key *key, char *msg, char *sig); +extern int (*ast_check_signature)(struct ast_key *key, const char *msg, const char *sig); /*! Check the authenticity of a message signature using a given public key */ /*! @@ -71,7 +64,7 @@ extern int ast_check_signature(struct ast_key *key, char *msg, char *sig); * Returns 0 if the signature is valid, or -1 otherwise * */ -extern int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, unsigned char *sig); +extern int (*ast_check_signature_bin)(struct ast_key *key, const char *msg, int msglen, const unsigned char *sig); /*! * \param key a private key to use to create the signature @@ -82,7 +75,7 @@ extern int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, u * Returns 0 on success or -1 on failure. * */ -extern int ast_sign(struct ast_key *key, char *msg, char *sig); +extern int (*ast_sign)(struct ast_key *key, char *msg, char *sig); /*! * \param key a private key to use to create the signature * \param msg the message to sign @@ -92,7 +85,7 @@ extern int ast_sign(struct ast_key *key, char *msg, char *sig); * Returns 0 on success or -1 on failure. * */ -extern int ast_sign_bin(struct ast_key *key, char *msg, int msglen, unsigned char *sig); +extern int (*ast_sign_bin)(struct ast_key *key, const char *msg, int msglen, unsigned char *sig); /*! * \param key a private key to use to encrypt @@ -104,7 +97,7 @@ extern int ast_sign_bin(struct ast_key *key, char *msg, int msglen, unsigned cha * Returns length of encrypted data on success or -1 on failure. * */ -extern int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key); +extern int (*ast_encrypt_bin)(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key); /*! * \param key a private key to use to decrypt @@ -116,7 +109,7 @@ extern int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int src * Returns length of decrypted data on success or -1 on failure. * */ -extern int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key); +extern int (*ast_decrypt_bin)(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key); #if defined(__cplusplus) || defined(c_plusplus) } #endif diff --git a/res/res_crypto.c b/res/res_crypto.c index 8c5eb51b1..006238c2d 100755 --- a/res/res_crypto.c +++ b/res/res_crypto.c @@ -129,7 +129,7 @@ static int pw_cb(char *buf, int size, int rwflag, void *userdata) return -1; } -struct ast_key *ast_key_get(char *kname, int ktype) +static struct ast_key *__ast_key_get(const char *kname, int ktype) { struct ast_key *key; ast_mutex_lock(&keylock); @@ -314,7 +314,7 @@ static char *binary(int y, int len) #endif -int ast_sign_bin(struct ast_key *key, char *msg, int msglen, unsigned char *dsig) +static int __ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *dsig) { unsigned char digest[20]; unsigned int siglen = 128; @@ -345,7 +345,7 @@ int ast_sign_bin(struct ast_key *key, char *msg, int msglen, unsigned char *dsig } -extern int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) +static int __ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) { int res; int pos = 0; @@ -371,7 +371,7 @@ extern int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int src return pos; } -extern int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) +static int __ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) { int res; int bytes; @@ -399,7 +399,7 @@ extern int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int src return pos; } -int ast_sign(struct ast_key *key, char *msg, char *sig) +static int __ast_sign(struct ast_key *key, char *msg, char *sig) { unsigned char dsig[128]; int siglen = sizeof(dsig); @@ -412,7 +412,7 @@ int ast_sign(struct ast_key *key, char *msg, char *sig) } -int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, unsigned char *dsig) +static int __ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig) { unsigned char digest[20]; int res; @@ -428,7 +428,7 @@ int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, unsigned SHA1((unsigned char *)msg, msglen, digest); /* Verify signature */ - res = RSA_verify(NID_sha1, digest, sizeof(digest), dsig, 128, key->rsa); + res = RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa); if (!res) { ast_log(LOG_DEBUG, "Key failed verification: %s\n", key->name); @@ -438,7 +438,7 @@ int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, unsigned return 0; } -int ast_check_signature(struct ast_key *key, char *msg, char *sig) +static int __ast_check_signature(struct ast_key *key, const char *msg, const char *sig) { unsigned char dsig[128]; int res; @@ -571,6 +571,15 @@ static int crypto_init(void) ERR_load_crypto_strings(); ast_cli_register(&cli_show_keys); ast_cli_register(&cli_init_keys); + + /* Install ourselves into stubs */ + ast_key_get = __ast_key_get; + ast_check_signature = __ast_check_signature; + ast_check_signature_bin = __ast_check_signature_bin; + ast_sign = __ast_sign; + ast_sign_bin = __ast_sign_bin; + ast_encrypt_bin = __ast_encrypt_bin; + ast_decrypt_bin = __ast_decrypt_bin; return 0; } |