Cross-project request... looking for input on a rewrite of Asterisk's res_crypto.c module

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I'm trying to develop a newer replacement module for Asterisk's res_crypto that is (for now) 1.1.x compatible but can be easily updated to 3.0 (and maybe even easily add provider support for TPM escrowed secrets, etc).

I'm collecting requirements before I get started.

https://wiki.asterisk.org/wiki/pages/viewpage.action?pageId=49153311

The modules in Asterisk that use res_crypto are:

func/func_aes.c
chan/chan_iax2.c
pbx/pbx_dundi.c
pbx/dundi-parser.c

as well as any independent third-party modules (but I'm not aware of what they might be).

The code is rife with assumptions, such as only AES128 and RSA1024 are to be used, that only AES-EBC chaining is used, and that it's safe to block-cipher with RSA.  Signing digests, RSA padding and AES ciphers are hard-coded.  As are buffer sizes. (So you see why a rewrite is needed...)

This is the tip of the proverbial iceberg.

Anyway, more eyes on the problem are always a good thing.

Thanks,

-Philip






[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux