Hi, I'm trying to develop a newer replacement module for Asterisk's res_crypto that is (for now) 1.1.x compatible but can be easily updated to 3.0 (and maybe even easily add provider support for TPM escrowed secrets, etc).
I'm collecting requirements before I get started. https://wiki.asterisk.org/wiki/pages/viewpage.action?pageId=49153311 The modules in Asterisk that use res_crypto are: func/func_aes.c chan/chan_iax2.c pbx/pbx_dundi.c pbx/dundi-parser.c as well as any independent third-party modules (but I'm not aware of what they might be). The code is rife with assumptions, such as only AES128 and RSA1024 are to be used, that only AES-EBC chaining is used, and that it's safe to block-cipher with RSA. Signing digests, RSA padding and AES ciphers are hard-coded. As are buffer sizes. (So you see why a rewrite is needed...) This is the tip of the proverbial iceberg. Anyway, more eyes on the problem are always a good thing. Thanks, -Philip
