rename internal functions to avoid conflicts (bz 956340)

2014-02-10 14:56:02 -05:00 · 2014-02-10 14:56:02 -05:00 · 1d54552ece
commit 1d54552ece
parent f0985f9c77
3 changed files with 300 additions and 1 deletions
--- a/libsrtp-sha1-name-fix.patch
+++ b/libsrtp-sha1-name-fix.patch
@ -0,0 +1,170 @@
+--- a/crypto/hash/hmac.c	
+++ a/crypto/hash/hmac.c	
+@@ -137,10 +137,10 @@ hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len) {
+   debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64));
+   
+   /* initialize sha1 context */
+-  sha1_init(&state->init_ctx);
+  crypto_sha1_init(&state->init_ctx);
+ 
+   /* hash ipad ^ key */
+-  sha1_update(&state->init_ctx, ipad, 64);
+  crypto_sha1_update(&state->init_ctx, ipad, 64);
+   memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t)); 
+ 
+   return err_status_ok;
+@@ -161,7 +161,7 @@ hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets) {
+ 	      octet_string_hex_string(message, msg_octets));
+   
+   /* hash message into sha1 context */
+-  sha1_update(&state->ctx, message, msg_octets);
+  crypto_sha1_update(&state->ctx, message, msg_octets);
+ 
+   return err_status_ok;
+ }
+@@ -179,7 +179,7 @@ hmac_compute(hmac_ctx_t *state, const void *message,
+   
+   /* hash message, copy output into H */
+   hmac_update(state, (const uint8_t*)message, msg_octets);
+-  sha1_final(&state->ctx, H);
+  crypto_sha1_final(&state->ctx, H);
+ 
+   /*
+    * note that we don't need to debug_print() the input, since the
+@@ -189,16 +189,16 @@ hmac_compute(hmac_ctx_t *state, const void *message,
+ 	      octet_string_hex_string((uint8_t *)H, 20));
+ 
+   /* re-initialize hash context */
+-  sha1_init(&state->ctx);
+  crypto_sha1_init(&state->ctx);
+   
+   /* hash opad ^ key  */
+-  sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
+  crypto_sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
+ 
+   /* hash the result of the inner hash */
+-  sha1_update(&state->ctx, (uint8_t *)H, 20);
+  crypto_sha1_update(&state->ctx, (uint8_t *)H, 20);
+   
+   /* the result is returned in the array hash_value[] */
+-  sha1_final(&state->ctx, hash_value);
+  crypto_sha1_final(&state->ctx, hash_value);
+ 
+   /* copy hash_value to *result */
+   for (i=0; i < tag_len; i++)    
+--- a/crypto/hash/sha1.c	
+++ a/crypto/hash/sha1.c	
+@@ -74,12 +74,12 @@ uint32_t SHA_K2 = 0x8F1BBCDC;   /* Kt for 40 <= t <= 59 */
+ uint32_t SHA_K3 = 0xCA62C1D6;   /* Kt for 60 <= t <= 79 */
+ 
+ void
+-sha1(const uint8_t *msg,  int octets_in_msg, uint32_t hash_value[5]) {
+crypto_sha1(const uint8_t *msg,  int octets_in_msg, uint32_t hash_value[5]) {
+   sha1_ctx_t ctx;
+ 
+-  sha1_init(&ctx);
+-  sha1_update(&ctx, msg, octets_in_msg);
+-  sha1_final(&ctx, hash_value);
+  crypto_sha1_init(&ctx);
+  crypto_sha1_update(&ctx, msg, octets_in_msg);
+  crypto_sha1_final(&ctx, hash_value);
+ 
+ }
+ 
+@@ -96,7 +96,7 @@ sha1(const uint8_t *msg,  int octets_in_msg, uint32_t hash_value[5]) {
+  */
+ 
+ void
+-sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
+crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
+   uint32_t H0;
+   uint32_t H1;
+   uint32_t H2;
+@@ -183,7 +183,7 @@ sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
+ }
+ 
+ void
+-sha1_init(sha1_ctx_t *ctx) {
+crypto_sha1_init(sha1_ctx_t *ctx) {
+ 
+   /* initialize state vector */
+   ctx->H[0] = 0x67452301;
+@@ -201,7 +201,7 @@ sha1_init(sha1_ctx_t *ctx) {
+ }
+ 
+ void
+-sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
+crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
+   int i;
+   uint8_t *buf = (uint8_t *)ctx->M;
+ 
+@@ -226,7 +226,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
+ 
+       debug_print(mod_sha1, "(update) running sha1_core()", NULL);
+ 
+-      sha1_core(ctx->M, ctx->H);
+      crypto_sha1_core(ctx->M, ctx->H);
+ 
+     } else {
+ 
+@@ -249,7 +249,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
+  */
+ 
+ void
+-sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
+crypto_sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
+   uint32_t A, B, C, D, E, TEMP;
+   uint32_t W[80];  
+   int i, t;
+--- a/crypto/include/sha1.h	
+++ a/crypto/include/sha1.h	
+@@ -65,7 +65,7 @@ typedef struct {
+  */
+ 
+ void
+-sha1(const uint8_t *message,  int octets_in_msg, uint32_t output[5]);
+crypto_sha1(const uint8_t *message,  int octets_in_msg, uint32_t output[5]);
+ 
+ /*
+  * sha1_init(&ctx) initializes the SHA1 context ctx
+@@ -79,13 +79,13 @@ sha1(const uint8_t *message,  int octets_in_msg, uint32_t output[5]);
+  */
+ 
+ void
+-sha1_init(sha1_ctx_t *ctx);
+crypto_sha1_init(sha1_ctx_t *ctx);
+ 
+ void
+-sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
+crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
+ 
+ void
+-sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
+crypto_sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
+ 
+ /*
+  * The sha1_core function is INTERNAL to SHA-1, but it is declared
+@@ -103,6 +103,6 @@ sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
+  */
+ 
+ void
+-sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
+crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
+      
+ #endif /* SHA1_H */
+--- a/crypto/test/sha1_driver.c	
+++ a/crypto/test/sha1_driver.c	
+@@ -107,9 +107,9 @@ sha1_test_case_validate(const hash_test_case_t *test_case) {
+   if (test_case->data_len > MAX_HASH_DATA_LEN)
+     return err_status_bad_param;
+ 
+-  sha1_init(&ctx);
+-  sha1_update(&ctx, test_case->data, test_case->data_len);
+-  sha1_final(&ctx, hash_value);
+  crypto_sha1_init(&ctx);
+  crypto_sha1_update(&ctx, test_case->data, test_case->data_len);
+  crypto_sha1_final(&ctx, hash_value);
+   if (0 == memcmp(test_case->hash, hash_value, 20)) {
+ #if VERBOSE
+     printf("PASSED: reference value: %s\n", 
+
--- a/libsrtp-srtp_aes_encrypt.patch
+++ b/libsrtp-srtp_aes_encrypt.patch
@ -0,0 +1,122 @@
+--- a/crypto/cipher/aes.c	
+++ a/crypto/cipher/aes.c	
+@@ -1999,7 +1999,7 @@ aes_inv_final_round(v128_t *state, const v128_t *round_key) {
+ 
+ 
+ void
+-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
+srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
+ 
+   /* add in the subkey */
+   v128_xor_eq(plaintext, &exp_key->round[0]);
+--- a/crypto/cipher/aes_cbc.c	
+++ a/crypto/cipher/aes_cbc.c	
+@@ -182,7 +182,7 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c,
+     debug_print(mod_aes_cbc, "inblock:  %s", 
+ 	      v128_hex_string(&c->state));
+ 
+-    aes_encrypt(&c->state, &c->expanded_key);
+    srtp_aes_encrypt(&c->state, &c->expanded_key);
+ 
+     debug_print(mod_aes_cbc, "outblock: %s", 
+ 	      v128_hex_string(&c->state));
+--- a/crypto/cipher/aes_icm.c	
+++ a/crypto/cipher/aes_icm.c	
+@@ -240,7 +240,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
+   /* fill keystream buffer, if needed */
+   if (tail_num) {
+     v128_copy(&c->keystream_buffer, &c->counter);
+-    aes_encrypt(&c->keystream_buffer, &c->expanded_key);
+    srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
+     c->bytes_in_buffer = sizeof(v128_t);
+ 
+     debug_print(mod_aes_icm, "counter:    %s", 
+@@ -296,7 +296,7 @@ static inline void
+ aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
+   /* fill buffer with new keystream */
+   v128_copy(&c->keystream_buffer, &c->counter);
+-  aes_encrypt(&c->keystream_buffer, &c->expanded_key);
+  srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
+   c->bytes_in_buffer = sizeof(v128_t);
+ 
+   debug_print(mod_aes_icm, "counter:    %s", 
+--- a/crypto/include/aes.h	
+++ a/crypto/include/aes.h	
+@@ -70,7 +70,7 @@ aes_expand_decryption_key(const uint8_t *key,
+ 			  aes_expanded_key_t *expanded_key);
+ 
+ void
+-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
+srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
+ 
+ void
+ aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
+--- a/crypto/rng/prng.c	
+++ a/crypto/rng/prng.c	
+@@ -108,7 +108,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
+     v128_copy(&buffer, &x917_prng.state);
+ 
+     /* apply aes to buffer */
+-    aes_encrypt(&buffer, &x917_prng.key);
+    srtp_aes_encrypt(&buffer, &x917_prng.key);
+     
+     /* write data to output */
+     *dest++ = buffer.v8[0];
+@@ -132,7 +132,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
+     buffer.v32[0] ^= t;
+ 
+     /* encrypt buffer */
+-    aes_encrypt(&buffer, &x917_prng.key);
+    srtp_aes_encrypt(&buffer, &x917_prng.key);
+ 
+     /* copy buffer into state */
+     v128_copy(&x917_prng.state, &buffer);
+@@ -150,7 +150,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
+     v128_copy(&buffer, &x917_prng.state);
+ 
+     /* apply aes to buffer */
+-    aes_encrypt(&buffer, &x917_prng.key);
+    srtp_aes_encrypt(&buffer, &x917_prng.key);
+ 
+     /* write data to output */
+     for (i=0; i < tail_len; i++) {
+@@ -163,7 +163,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
+     buffer.v32[0] ^= t;
+ 
+     /* encrypt buffer */
+-    aes_encrypt(&buffer, &x917_prng.key);
+    srtp_aes_encrypt(&buffer, &x917_prng.key);
+ 
+     /* copy buffer into state */
+     v128_copy(&x917_prng.state, &buffer);
+--- a/crypto/test/aes_calc.c	
+++ a/crypto/test/aes_calc.c	
+@@ -105,7 +105,7 @@ main (int argc, char *argv[]) {
+     exit(1);
+   }
+ 
+-  aes_encrypt(&data, &exp_key);
+  srtp_aes_encrypt(&data, &exp_key);
+ 
+   /* write ciphertext to output */
+   if (verbose) {
+--- a/tables/aes_tables.c	
+++ a/tables/aes_tables.c	
+@@ -294,7 +294,7 @@ main(void) {
+ 
+ #if AES_INVERSE_TEST
+   /* 
+-   * test that aes_encrypt and aes_decrypt are actually
+   * test that srtp_aes_encrypt and aes_decrypt are actually
+    * inverses of each other 
+    */
+     
+@@ -331,7 +331,7 @@ aes_test_inverse(void) {
+   v128_copy_octet_string(&x, plaintext);
+   aes_expand_encryption_key(k, expanded_key);
+   aes_expand_decryption_key(k, decrypt_key);
+-  aes_encrypt(&x, expanded_key);
+  srtp_aes_encrypt(&x, expanded_key);
+   aes_decrypt(&x, decrypt_key);
+   
+   /* compare to expected value then report */
--- a/libsrtp.spec
+++ b/libsrtp.spec
@ -3,7 +3,7 @@

 Name:		lib%{shortname}
 Version:	1.4.4
-Release:	9.%{cvsver}%{?dist}
+Release:	10.%{cvsver}%{?dist}
 Summary:	An implementation of the Secure Real-time Transport Protocol (SRTP)
 Group:		System Environment/Libraries
 License:	BSD
@ -21,6 +21,8 @@ Source2:	config.h
 # And how does Chromium always manage to find these projects and use them?
 Patch0:		libsrtp-1.4.4-shared.patch
 Patch1:		libsrtp-1.4.4-CVE20132139.patch
+Patch2:		libsrtp-srtp_aes_encrypt.patch
+Patch3:		libsrtp-sha1-name-fix.patch

 %description
 This package provides an implementation of the Secure Real-time
@ -41,6 +43,8 @@ developing applications that use %{name}.
 %setup -q -n %{shortname}
 %patch0 -p1 -b .shared
 %patch1 -p1 -b .CVE20132139
+%patch2 -p1 -b .srtp_aes_encrypt
+%patch3 -p1 -b .sha1-name-fix

 # Fix end-of-line encoding
 sed -i 's/\r//g' doc/draft-irtf-cfrg-icm-00.txt
@ -91,6 +95,9 @@ cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h
 %{_libdir}/*.so

 %changelog
+* Mon Feb 10 2014 Tom Callaway <spot@fedoraproject.org> - 1.4.4-10.20101004cvs
+- rename internal functions to avoid conflicts (bz 956340)
+
 * Mon Dec 30 2013 Tom Callaway <spot@fedoraproject.org> - 1.4.4-9.20101004cvs
 - apply fix for CVE-2013-2139 from https://github.com/cisco/libsrtp/pull/27