Make crypto loading optional

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@6797 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-09-04 03:50:31 +00:00 · 2005-10-16 03:08:58 +00:00
parent 90cfc9e3bc
commit 4803298fe8
4 changed files with 111 additions and 23 deletions
--- a/7
+++ b/7
@@ -51,6 +51,10 @@ OPTIMIZE+=-O6
 #Include debug symbols in the executables (-g) and profiling info (-pg)
 DEBUG=-g #-pg

+#Set NOCRYPTO to yes if you do not want to have crypto support or 
+#dependencies
+#NOCRYPTO=yes
+
 # If you are running a radio application, define RADIO_RELAX so that the DTMF
 # will be received more reliably
 #OPTIONS += -DRADIO_RELAX
@@ -299,7 +303,8 @@ OBJS=io.o sched.o logger.o frame.o loader.o config.o channel.o \
 	dsp.o chanvars.o indications.o autoservice.o db.o privacy.o \
 	astmm.o enum.o srv.o dns.o aescrypt.o aestab.o aeskey.o \
 	utils.o plc.o jitterbuf.o dnsmgr.o devicestate.o \
-	netsock.o slinfactory.o ast_expr2.o ast_expr2f.o
+	netsock.o slinfactory.o ast_expr2.o ast_expr2f.o \
+	cryptostub.o

 ifeq ($(wildcard $(CROSS_COMPILE_TARGET)/usr/include/sys/poll.h),)
  OBJS+= poll.o
--- a/cryptostub.c
+++ b/cryptostub.c
@@ -0,0 +1,81 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 1999 - 2005, Digium, Inc.
+ *
+ * Mark Spencer <markster@digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+#include <asterisk/crypto.h>
+
+
+/* Hrm, I wonder if the compiler is smart enough to only create two functions
+   for all these...  I could force it to only make two, but those would be some
+   really nasty looking casts. */
+   
+static struct ast_key *stub_ast_key_get(const char *kname, int ktype)
+{
+	ast_log(LOG_NOTICE, "Crypto support not loaded!\n");
+	return NULL;
+}
+
+static int stub_ast_check_signature(struct ast_key *key, const char *msg, const char *sig)
+{
+	ast_log(LOG_NOTICE, "Crypto support not loaded!\n");
+	return -1;
+}
+
+static int stub_ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *sig)
+{
+	ast_log(LOG_NOTICE, "Crypto support not loaded!\n");
+	return -1;
+}
+
+static int stub_ast_sign(struct ast_key *key, char *msg, char *sig) 
+{
+	ast_log(LOG_NOTICE, "Crypto support not loaded!\n");
+	return -1;
+}
+
+static int stub_ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *sig)
+{
+	ast_log(LOG_NOTICE, "Crypto support not loaded!\n");
+	return -1;
+}
+
+static int stub_ast_encdec_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
+{
+	ast_log(LOG_NOTICE, "Crypto support not loaded!\n");
+	return -1;
+}
+
+struct ast_key *(*ast_key_get)(const char *key, int type) = 
+	stub_ast_key_get;
+
+int (*ast_check_signature)(struct ast_key *key, const char *msg, const char *sig) =
+	stub_ast_check_signature;
+	
+int (*ast_check_signature_bin)(struct ast_key *key, const char *msg, int msglen, const unsigned char *sig) =
+	stub_ast_check_signature_bin;
+	
+int (*ast_sign)(struct ast_key *key, char *msg, char *sig) = 
+	stub_ast_sign;
+
+int (*ast_sign_bin)(struct ast_key *key, const char *msg, int msglen, unsigned char *sig) =
+	stub_ast_sign_bin;
+	
+int (*ast_encrypt_bin)(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) =
+	stub_ast_encdec_bin;
+
+int (*ast_decrypt_bin)(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) =
+	stub_ast_encdec_bin;
--- a/include/asterisk/crypto.h
+++ b/include/asterisk/crypto.h
@@ -42,14 +42,7 @@ struct ast_key;
 *
 * Returns the key on success or NULL on failure
 */
-extern struct ast_key *ast_key_get(char *key, int type);
-
-/*! Initialize keys (that is, retrieve pass codes for all private keys) */
-/*!
- * \param fd a file descriptor for I/O for passwords
- *
- */
-extern int ast_key_init(int fd);
+extern struct ast_key *(*ast_key_get)(const char *key, int type);

 /*! Check the authenticity of a message signature using a given public key */
 /*!
@@ -60,7 +53,7 @@ extern int ast_key_init(int fd);
 * Returns 0 if the signature is valid, or -1 otherwise
 *
 */
-extern int ast_check_signature(struct ast_key *key, char *msg, char *sig);
+extern int (*ast_check_signature)(struct ast_key *key, const char *msg, const char *sig);

 /*! Check the authenticity of a message signature using a given public key */
 /*!
@@ -71,7 +64,7 @@ extern int ast_check_signature(struct ast_key *key, char *msg, char *sig);
 * Returns 0 if the signature is valid, or -1 otherwise
 *
 */
-extern int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, unsigned char *sig);
+extern int (*ast_check_signature_bin)(struct ast_key *key, const char *msg, int msglen, const unsigned char *sig);

 /*!
 * \param key a private key to use to create the signature
@@ -82,7 +75,7 @@ extern int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, u
 * Returns 0 on success or -1 on failure.
 *
 */
-extern int ast_sign(struct ast_key *key, char *msg, char *sig);
+extern int (*ast_sign)(struct ast_key *key, char *msg, char *sig);
 /*!
 * \param key a private key to use to create the signature
 * \param msg the message to sign
@@ -92,7 +85,7 @@ extern int ast_sign(struct ast_key *key, char *msg, char *sig);
 * Returns 0 on success or -1 on failure.
 *
 */
-extern int ast_sign_bin(struct ast_key *key, char *msg, int msglen, unsigned char *sig);
+extern int (*ast_sign_bin)(struct ast_key *key, const char *msg, int msglen, unsigned char *sig);

 /*!
 * \param key a private key to use to encrypt
@@ -104,7 +97,7 @@ extern int ast_sign_bin(struct ast_key *key, char *msg, int msglen, unsigned cha
 * Returns length of encrypted data on success or -1 on failure.
 *
 */
-extern int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key);
+extern int (*ast_encrypt_bin)(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key);

 /*!
 * \param key a private key to use to decrypt
@@ -116,7 +109,7 @@ extern int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int src
 * Returns length of decrypted data on success or -1 on failure.
 *
 */
-extern int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key);
+extern int (*ast_decrypt_bin)(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key);
 #if defined(__cplusplus) || defined(c_plusplus)
 }
 #endif
--- a/res/res_crypto.c
+++ b/res/res_crypto.c
@@ -129,7 +129,7 @@ static int pw_cb(char *buf, int size, int rwflag, void *userdata)
 	return -1;
 }

-struct ast_key *ast_key_get(char *kname, int ktype)
+static struct ast_key *__ast_key_get(const char *kname, int ktype)
 {
 	struct ast_key *key;
 	ast_mutex_lock(&keylock);
@@ -314,7 +314,7 @@ static char *binary(int y, int len)

 #endif

-int ast_sign_bin(struct ast_key *key, char *msg, int msglen, unsigned char *dsig)
+static int __ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
 {
 	unsigned char digest[20];
 	unsigned int siglen = 128;
@@ -345,7 +345,7 @@ int ast_sign_bin(struct ast_key *key, char *msg, int msglen, unsigned char *dsig
 	
 }

-extern int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
+static int __ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
 {
 	int res;
 	int pos = 0;
@@ -371,7 +371,7 @@ extern int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int src
 	return pos;
 }

-extern int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
+static int __ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
 {
 	int res;
 	int bytes;
@@ -399,7 +399,7 @@ extern int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int src
 	return pos;
 }

-int ast_sign(struct ast_key *key, char *msg, char *sig)
+static int __ast_sign(struct ast_key *key, char *msg, char *sig)
 {
 	unsigned char dsig[128];
 	int siglen = sizeof(dsig);
@@ -412,7 +412,7 @@ int ast_sign(struct ast_key *key, char *msg, char *sig)
 	
 }

-int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, unsigned char *dsig)
+static int __ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
 {
 	unsigned char digest[20];
 	int res;
@@ -428,7 +428,7 @@ int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, unsigned
 	SHA1((unsigned char *)msg, msglen, digest);

 	/* Verify signature */
-	res = RSA_verify(NID_sha1, digest, sizeof(digest), dsig, 128, key->rsa);
+	res = RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa);
 	
 	if (!res) {
 		ast_log(LOG_DEBUG, "Key failed verification: %s\n", key->name);
@@ -438,7 +438,7 @@ int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, unsigned
 	return 0;
 }

-int ast_check_signature(struct ast_key *key, char *msg, char *sig)
+static int __ast_check_signature(struct ast_key *key, const char *msg, const char *sig)
 {
 	unsigned char dsig[128];
 	int res;
@@ -571,6 +571,15 @@ static int crypto_init(void)
 	ERR_load_crypto_strings();
 	ast_cli_register(&cli_show_keys);
 	ast_cli_register(&cli_init_keys);
+
+	/* Install ourselves into stubs */
+	ast_key_get = __ast_key_get;
+	ast_check_signature = __ast_check_signature;
+	ast_check_signature_bin = __ast_check_signature_bin;
+	ast_sign = __ast_sign;
+	ast_sign_bin = __ast_sign_bin;
+	ast_encrypt_bin = __ast_encrypt_bin;
+	ast_decrypt_bin = __ast_decrypt_bin;
 	return 0;
 }