From 4803298fe87c365c30bae7c3c71e3de7086d3389 Mon Sep 17 00:00:00 2001
From: Mark Spencer
Date: Sun, 16 Oct 2005 03:08:58 +0000
Subject: Make crypto loading optional
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@6797 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 Makefile | 7 +++-
 cryptostub.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++
 include/asterisk/crypto.h | 21 ++++--------
 res/res_crypto.c | 25 ++++++++++-----
 4 files changed, 111 insertions(+), 23 deletions(-)
 create mode 100755 cryptostub.c
diff --git a/Makefile b/Makefile
index db16a3851..614032e77 100755
--- a/Makefile
+++ b/Makefile
@@ -51,6 +51,10 @@ OPTIMIZE+=-O6
 #Include debug symbols in the executables (-g) and profiling info (-pg)
 DEBUG=-g #-pg
+#Set NOCRYPTO to yes if you do not want to have crypto support or
+#dependencies
+#NOCRYPTO=yes
+
 # If you are running a radio application, define RADIO_RELAX so that the DTMF
 # will be received more reliably
 #OPTIONS += -DRADIO_RELAX
@@ -299,7 +303,8 @@ OBJS=io.o sched.o logger.o frame.o loader.o config.o channel.o \
 dsp.o chanvars.o indications.o autoservice.o db.o privacy.o \
 astmm.o enum.o srv.o dns.o aescrypt.o aestab.o aeskey.o \
 utils.o plc.o jitterbuf.o dnsmgr.o devicestate.o \
- netsock.o slinfactory.o ast_expr2.o ast_expr2f.o
+ netsock.o slinfactory.o ast_expr2.o ast_expr2f.o \
+ cryptostub.o
 ifeq ($(wildcard $(CROSS_COMPILE_TARGET)/usr/include/sys/poll.h),)
 OBJS+= poll.o
diff --git a/cryptostub.c b/cryptostub.c
new file mode 100755
index 000000000..b8f192868
--- /dev/null
+++ b/cryptostub.c
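Review bot: The `NOCRYPTO` knob documented in the first Makefile hunk is not read by anything in the visible hunks: the second hunk adds `cryptostub.o` to `OBJS` unconditionally, and the diffstat lists no other makefile. Unless a sub-makefile already tests the variable (not visible here), uncommenting `NOCRYPTO=yes` would leave res/res_crypto.c built and linked against the crypto library exactly as before. Either wire it up, for example `export NOCRYPTO` here plus a guard where res/res_crypto.c is selected for build, or extend the comment to say where the setting is consumed.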
@@ -0,0 +1,81 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 1999 - 2005, Digium, Inc.
+ *
+ * Mark Spencer
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+#include
+
+
+/* Hrm, I wonder if the compiler is smart enough to only create two functions
+ for all these... I could force it to only make two, but those would be some
+ really nasty looking casts. */
+
+static struct ast_key *stub_ast_key_get(const char *kname, int ktype)
+{
+ ast_log(LOG_NOTICE, "Crypto support not loaded!\n");
+ return NULL;
+}
+
+static int stub_ast_check_signature(struct ast_key *key, const char *msg, const char *sig)
+{
+ ast_log(LOG_NOTICE, "Crypto support not loaded!\n");
+ return -1;
+}
+
+static int stub_ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *sig)
+{
+ ast_log(LOG_NOTICE, "Crypto support not loaded!\n");
+ return -1;
+}
+
+static int stub_ast_sign(struct ast_key *key, char *msg, char *sig)
+{
+ ast_log(LOG_NOTICE, "Crypto support not loaded!\n");
+ return -1;
+}
+
+static int stub_ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *sig)
+{
+ ast_log(LOG_NOTICE, "Crypto support not loaded!\n");
+ return -1;
+}
+
+static int stub_ast_encdec_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
+{
+ ast_log(LOG_NOTICE, "Crypto support not loaded!\n");
+ return -1;
+}
+
+struct ast_key *(*ast_key_get)(const char *key, int type) =
+ stub_ast_key_get;
+
+int (*ast_check_signature)(struct ast_key *key, const char *msg, const char *sig) =
+ stub_ast_check_signature;
+
+int (*ast_check_signature_bin)(struct ast_key *key, const char *msg, int msglen, const unsigned char *sig) =
+ stub_ast_check_signature_bin;
+
+int (*ast_sign)(struct ast_key *key, char *msg, char *sig) =
+ stub_ast_sign;
+
+int (*ast_sign_bin)(struct ast_key *key, const char *msg, int msglen, unsigned char *sig) =
+ stub_ast_sign_bin;
+
+int (*ast_encrypt_bin)(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) =
+ stub_ast_encdec_bin;
+
+int (*ast_decrypt_bin)(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key) =
+ stub_ast_encdec_bin;
diff --git a/include/asterisk/crypto.h b/include/asterisk/crypto.h
index 69010714c..7d86da16d 100755
--- a/include/asterisk/crypto.h
+++ b/include/asterisk/crypto.h
@@ -42,14 +42,7 @@ struct ast_key;
 *
 * Returns the key on success or NULL on failure
 */
-extern struct ast_key *ast_key_get(char *key, int type);
-
-/*! Initialize keys (that is, retrieve pass codes for all private keys) */
-/*!
- * \param fd a file descriptor for I/O for passwords
- *
- */
-extern int ast_key_init(int fd);
+extern struct ast_key *(*ast_key_get)(const char *key, int type);
 /*! Check the authenticity of a message signature using a given public key */
 /*!
@@ -60,7 +53,7 @@ extern int ast_key_init(int fd);
 * Returns 0 if the signature is valid, or -1 otherwise
 *
 */
-extern int ast_check_signature(struct ast_key *key, char *msg, char *sig);
+extern int (*ast_check_signature)(struct ast_key *key, const char *msg, const char *sig);
 /*! Check the authenticity of a message signature using a given public key */
 /*!
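Review bot: The stubs in cryptostub.c fail closed (NULL from `stub_ast_key_get`, -1 from the other five), but nothing in the file states that this is a security contract; the only comment is about how many functions the compiler emits. I would add above the stubs `/* Stubs must fail closed: with no crypto module loaded, every key lookup, verify, sign and encrypt/decrypt call reports failure, never success. */` so a later edit does not turn one of them into a no-op returning 0. All six stubs also log the identical NOTICE on every call; naming the operation in the message, for example `"Crypto support not loaded (check_signature)!\n"`, would tell an operator which feature is failing, and repeated failed verifications may produce a lot of output at this level.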
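Review bot: `ast_key_get`, `ast_check_signature` and the other entry points declared in crypto.h (this hunk and the six that follow) become writable global function pointers, yet the doc comments still describe them as ordinary functions. Because signature verification now goes through a pointer that any code including this header can assign, the header should state who owns it, for example `/* Function pointer: defaults to a stub that always fails; only res_crypto assigns it. */` on each declaration. This hunk also drops the `ast_key_init` prototype; whether any caller outside this diff still relies on it cannot be seen here.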
@@ -71,7 +64,7 @@ extern int ast_check_signature(struct ast_key *key, char *msg, char *sig);
 * Returns 0 if the signature is valid, or -1 otherwise
 *
 */
-extern int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, unsigned char *sig);
+extern int (*ast_check_signature_bin)(struct ast_key *key, const char *msg, int msglen, const unsigned char *sig);
 /*!
 * \param key a private key to use to create the signature
@@ -82,7 +75,7 @@ extern int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, u
 * Returns 0 on success or -1 on failure.
 *
 */
-extern int ast_sign(struct ast_key *key, char *msg, char *sig);
+extern int (*ast_sign)(struct ast_key *key, char *msg, char *sig);
 /*!
 * \param key a private key to use to create the signature
 * \param msg the message to sign
@@ -92,7 +85,7 @@ extern int ast_sign(struct ast_key *key, char *msg, char *sig);
 * Returns 0 on success or -1 on failure.
 *
 */
-extern int ast_sign_bin(struct ast_key *key, char *msg, int msglen, unsigned char *sig);
+extern int (*ast_sign_bin)(struct ast_key *key, const char *msg, int msglen, unsigned char *sig);
 /*!
 * \param key a private key to use to encrypt
@@ -104,7 +97,7 @@ extern int ast_sign_bin(struct ast_key *key, char *msg, int msglen, unsigned cha
 * Returns length of encrypted data on success or -1 on failure.
 *
 */
-extern int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key);
+extern int (*ast_encrypt_bin)(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key);
 /*!
 * \param key a private key to use to decrypt
@@ -116,7 +109,7 @@ extern int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int src
 * Returns length of decrypted data on success or -1 on failure.
 *
 */
-extern int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key);
+extern int (*ast_decrypt_bin)(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key);
 #if defined(__cplusplus) || defined(c_plusplus)
 }
 #endif
diff --git a/res/res_crypto.c b/res/res_crypto.c
index 8c5eb51b1..006238c2d 100755
--- a/res/res_crypto.c
+++ b/res/res_crypto.c
@@ -129,7 +129,7 @@ static int pw_cb(char *buf, int size, int rwflag, void *userdata)
 return -1;
 }
-struct ast_key *ast_key_get(char *kname, int ktype)
+static struct ast_key *__ast_key_get(const char *kname, int ktype)
 {
 struct ast_key *key;
 ast_mutex_lock(&keylock);
@@ -314,7 +314,7 @@ static char *binary(int y, int len)
 #endif
-int ast_sign_bin(struct ast_key *key, char *msg, int msglen, unsigned char *dsig)
+static int __ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
 {
 unsigned char digest[20];
 unsigned int siglen = 128;
@@ -345,7 +345,7 @@ int ast_sign_bin(struct ast_key *key, char *msg, int msglen, unsigned char *dsig
 }
-extern int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
+static int __ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
 {
 int res;
 int pos = 0;
@@ -371,7 +371,7 @@ extern int ast_decrypt_bin(unsigned char *dst, const unsigned char *src, int src
 return pos;
 }
-extern int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
+static int __ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key)
 {
 int res;
 int bytes;
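Review bot: The renamed implementations in res/res_crypto.c (`__ast_key_get` in the first hunk, then `__ast_sign_bin`, `__ast_decrypt_bin`, `__ast_encrypt_bin`, and in the later hunks `__ast_sign`, `__ast_check_signature_bin`, `__ast_check_signature`) use identifiers beginning with two underscores, which C reserves for the implementation. Since the functions are now `static`, an ordinary prefix such as `impl_ast_key_get` avoids the reserved namespace at no cost to callers. The function bodies continue outside these hunks, so only the signature lines and the assignments in `crypto_init` would change.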
@@ -399,7 +399,7 @@ extern int ast_encrypt_bin(unsigned char *dst, const unsigned char *src, int src
 return pos;
 }
-int ast_sign(struct ast_key *key, char *msg, char *sig)
+static int __ast_sign(struct ast_key *key, char *msg, char *sig)
 {
 unsigned char dsig[128];
 int siglen = sizeof(dsig);
@@ -412,7 +412,7 @@ int ast_sign(struct ast_key *key, char *msg, char *sig)
 }
-int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, unsigned char *dsig)
+static int __ast_check_signature_bin(struct ast_key *key, const char *msg, int msglen, const unsigned char *dsig)
 {
 unsigned char digest[20];
 int res;
@@ -428,7 +428,7 @@ int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, unsigned
 SHA1((unsigned char *)msg, msglen, digest);
 /* Verify signature */
- res = RSA_verify(NID_sha1, digest, sizeof(digest), dsig, 128, key->rsa);
+ res = RSA_verify(NID_sha1, digest, sizeof(digest), (unsigned char *)dsig, 128, key->rsa);
 if (!res) {
 ast_log(LOG_DEBUG, "Key failed verification: %s\n", key->name);
@@ -438,7 +438,7 @@ int ast_check_signature_bin(struct ast_key *key, char *msg, int msglen, unsigned
 return 0;
 }
-int ast_check_signature(struct ast_key *key, char *msg, char *sig)
+static int __ast_check_signature(struct ast_key *key, const char *msg, const char *sig)
 {
 unsigned char dsig[128];
 int res;
@@ -571,6 +571,15 @@ static int crypto_init(void)
 ERR_load_crypto_strings();
 ast_cli_register(&cli_show_keys);
 ast_cli_register(&cli_init_keys);
+
+ /* Install ourselves into stubs */
+ ast_key_get = __ast_key_get;
+ ast_check_signature = __ast_check_signature;
+ ast_check_signature_bin = __ast_check_signature_bin;
+ ast_sign = __ast_sign;
+ ast_sign_bin = __ast_sign_bin;
+ ast_encrypt_bin = __ast_encrypt_bin;
+ ast_decrypt_bin = __ast_decrypt_bin;
 return 0;
 }
--
cgit v1.2.3
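Review bot: In the `RSA_verify` hunk the new `const unsigned char *dsig` parameter is cast straight back to `unsigned char *`, and the signature length is still the literal `128`, so `__ast_check_signature_bin` trusts every caller to pass a buffer of at least 128 bytes. The interface has no signature-length argument, so the requirement should at least be written down next to the call, e.g. `/* dsig must point to 128 bytes; RSA_verify reads that many regardless of what the caller supplied */`. A short comment on the cast saying that the library does not write through the pointer (to be confirmed for the OpenSSL version in use) would keep the `const` in the new prototype honest. The function starts and ends outside this hunk.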
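Review bot: `crypto_init` installs the seven real implementations with plain stores, and nothing visible in this diff ever puts the stubs back. If res_crypto can be unloaded (its unload path is outside this diff), the globals would keep pointing at code that is no longer mapped, and because the stubs are `static` in cryptostub.c the module has no way to restore them. Consider exporting a small reset helper from cryptostub.c for the unload path, or state the constraint next to the assignments, e.g. `/* Pointers are never reset: this module must refuse to unload once installed. */`. The stores are also unsynchronized, so this is only safe if `crypto_init` runs before any other thread can call through the pointers.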