rename internal functions to avoid conflicts (bz 956340)
This commit is contained in:
parent
f0985f9c77
commit
1d54552ece
170
libsrtp-sha1-name-fix.patch
Normal file
170
libsrtp-sha1-name-fix.patch
Normal file
@ -0,0 +1,170 @@
|
||||
--- a/crypto/hash/hmac.c
|
||||
+++ a/crypto/hash/hmac.c
|
||||
@@ -137,10 +137,10 @@ hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len) {
|
||||
debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64));
|
||||
|
||||
/* initialize sha1 context */
|
||||
- sha1_init(&state->init_ctx);
|
||||
+ crypto_sha1_init(&state->init_ctx);
|
||||
|
||||
/* hash ipad ^ key */
|
||||
- sha1_update(&state->init_ctx, ipad, 64);
|
||||
+ crypto_sha1_update(&state->init_ctx, ipad, 64);
|
||||
memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t));
|
||||
|
||||
return err_status_ok;
|
||||
@@ -161,7 +161,7 @@ hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets) {
|
||||
octet_string_hex_string(message, msg_octets));
|
||||
|
||||
/* hash message into sha1 context */
|
||||
- sha1_update(&state->ctx, message, msg_octets);
|
||||
+ crypto_sha1_update(&state->ctx, message, msg_octets);
|
||||
|
||||
return err_status_ok;
|
||||
}
|
||||
@@ -179,7 +179,7 @@ hmac_compute(hmac_ctx_t *state, const void *message,
|
||||
|
||||
/* hash message, copy output into H */
|
||||
hmac_update(state, (const uint8_t*)message, msg_octets);
|
||||
- sha1_final(&state->ctx, H);
|
||||
+ crypto_sha1_final(&state->ctx, H);
|
||||
|
||||
/*
|
||||
* note that we don't need to debug_print() the input, since the
|
||||
@@ -189,16 +189,16 @@ hmac_compute(hmac_ctx_t *state, const void *message,
|
||||
octet_string_hex_string((uint8_t *)H, 20));
|
||||
|
||||
/* re-initialize hash context */
|
||||
- sha1_init(&state->ctx);
|
||||
+ crypto_sha1_init(&state->ctx);
|
||||
|
||||
/* hash opad ^ key */
|
||||
- sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
|
||||
+ crypto_sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
|
||||
|
||||
/* hash the result of the inner hash */
|
||||
- sha1_update(&state->ctx, (uint8_t *)H, 20);
|
||||
+ crypto_sha1_update(&state->ctx, (uint8_t *)H, 20);
|
||||
|
||||
/* the result is returned in the array hash_value[] */
|
||||
- sha1_final(&state->ctx, hash_value);
|
||||
+ crypto_sha1_final(&state->ctx, hash_value);
|
||||
|
||||
/* copy hash_value to *result */
|
||||
for (i=0; i < tag_len; i++)
|
||||
--- a/crypto/hash/sha1.c
|
||||
+++ a/crypto/hash/sha1.c
|
||||
@@ -74,12 +74,12 @@ uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt for 40 <= t <= 59 */
|
||||
uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */
|
||||
|
||||
void
|
||||
-sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
|
||||
+crypto_sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
|
||||
sha1_ctx_t ctx;
|
||||
|
||||
- sha1_init(&ctx);
|
||||
- sha1_update(&ctx, msg, octets_in_msg);
|
||||
- sha1_final(&ctx, hash_value);
|
||||
+ crypto_sha1_init(&ctx);
|
||||
+ crypto_sha1_update(&ctx, msg, octets_in_msg);
|
||||
+ crypto_sha1_final(&ctx, hash_value);
|
||||
|
||||
}
|
||||
|
||||
@@ -96,7 +96,7 @@ sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
|
||||
*/
|
||||
|
||||
void
|
||||
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
|
||||
+crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
|
||||
uint32_t H0;
|
||||
uint32_t H1;
|
||||
uint32_t H2;
|
||||
@@ -183,7 +183,7 @@ sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
|
||||
}
|
||||
|
||||
void
|
||||
-sha1_init(sha1_ctx_t *ctx) {
|
||||
+crypto_sha1_init(sha1_ctx_t *ctx) {
|
||||
|
||||
/* initialize state vector */
|
||||
ctx->H[0] = 0x67452301;
|
||||
@@ -201,7 +201,7 @@ sha1_init(sha1_ctx_t *ctx) {
|
||||
}
|
||||
|
||||
void
|
||||
-sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
|
||||
+crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
|
||||
int i;
|
||||
uint8_t *buf = (uint8_t *)ctx->M;
|
||||
|
||||
@@ -226,7 +226,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
|
||||
|
||||
debug_print(mod_sha1, "(update) running sha1_core()", NULL);
|
||||
|
||||
- sha1_core(ctx->M, ctx->H);
|
||||
+ crypto_sha1_core(ctx->M, ctx->H);
|
||||
|
||||
} else {
|
||||
|
||||
@@ -249,7 +249,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
|
||||
*/
|
||||
|
||||
void
|
||||
-sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
|
||||
+crypto_sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
|
||||
uint32_t A, B, C, D, E, TEMP;
|
||||
uint32_t W[80];
|
||||
int i, t;
|
||||
--- a/crypto/include/sha1.h
|
||||
+++ a/crypto/include/sha1.h
|
||||
@@ -65,7 +65,7 @@ typedef struct {
|
||||
*/
|
||||
|
||||
void
|
||||
-sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]);
|
||||
+crypto_sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]);
|
||||
|
||||
/*
|
||||
* sha1_init(&ctx) initializes the SHA1 context ctx
|
||||
@@ -79,13 +79,13 @@ sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]);
|
||||
*/
|
||||
|
||||
void
|
||||
-sha1_init(sha1_ctx_t *ctx);
|
||||
+crypto_sha1_init(sha1_ctx_t *ctx);
|
||||
|
||||
void
|
||||
-sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
|
||||
+crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
|
||||
|
||||
void
|
||||
-sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
|
||||
+crypto_sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
|
||||
|
||||
/*
|
||||
* The sha1_core function is INTERNAL to SHA-1, but it is declared
|
||||
@@ -103,6 +103,6 @@ sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
|
||||
*/
|
||||
|
||||
void
|
||||
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
|
||||
+crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
|
||||
|
||||
#endif /* SHA1_H */
|
||||
--- a/crypto/test/sha1_driver.c
|
||||
+++ a/crypto/test/sha1_driver.c
|
||||
@@ -107,9 +107,9 @@ sha1_test_case_validate(const hash_test_case_t *test_case) {
|
||||
if (test_case->data_len > MAX_HASH_DATA_LEN)
|
||||
return err_status_bad_param;
|
||||
|
||||
- sha1_init(&ctx);
|
||||
- sha1_update(&ctx, test_case->data, test_case->data_len);
|
||||
- sha1_final(&ctx, hash_value);
|
||||
+ crypto_sha1_init(&ctx);
|
||||
+ crypto_sha1_update(&ctx, test_case->data, test_case->data_len);
|
||||
+ crypto_sha1_final(&ctx, hash_value);
|
||||
if (0 == memcmp(test_case->hash, hash_value, 20)) {
|
||||
#if VERBOSE
|
||||
printf("PASSED: reference value: %s\n",
|
||||
|
122
libsrtp-srtp_aes_encrypt.patch
Normal file
122
libsrtp-srtp_aes_encrypt.patch
Normal file
@ -0,0 +1,122 @@
|
||||
--- a/crypto/cipher/aes.c
|
||||
+++ a/crypto/cipher/aes.c
|
||||
@@ -1999,7 +1999,7 @@ aes_inv_final_round(v128_t *state, const v128_t *round_key) {
|
||||
|
||||
|
||||
void
|
||||
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
|
||||
+srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
|
||||
|
||||
/* add in the subkey */
|
||||
v128_xor_eq(plaintext, &exp_key->round[0]);
|
||||
--- a/crypto/cipher/aes_cbc.c
|
||||
+++ a/crypto/cipher/aes_cbc.c
|
||||
@@ -182,7 +182,7 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c,
|
||||
debug_print(mod_aes_cbc, "inblock: %s",
|
||||
v128_hex_string(&c->state));
|
||||
|
||||
- aes_encrypt(&c->state, &c->expanded_key);
|
||||
+ srtp_aes_encrypt(&c->state, &c->expanded_key);
|
||||
|
||||
debug_print(mod_aes_cbc, "outblock: %s",
|
||||
v128_hex_string(&c->state));
|
||||
--- a/crypto/cipher/aes_icm.c
|
||||
+++ a/crypto/cipher/aes_icm.c
|
||||
@@ -240,7 +240,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
|
||||
/* fill keystream buffer, if needed */
|
||||
if (tail_num) {
|
||||
v128_copy(&c->keystream_buffer, &c->counter);
|
||||
- aes_encrypt(&c->keystream_buffer, &c->expanded_key);
|
||||
+ srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
|
||||
c->bytes_in_buffer = sizeof(v128_t);
|
||||
|
||||
debug_print(mod_aes_icm, "counter: %s",
|
||||
@@ -296,7 +296,7 @@ static inline void
|
||||
aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
|
||||
/* fill buffer with new keystream */
|
||||
v128_copy(&c->keystream_buffer, &c->counter);
|
||||
- aes_encrypt(&c->keystream_buffer, &c->expanded_key);
|
||||
+ srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
|
||||
c->bytes_in_buffer = sizeof(v128_t);
|
||||
|
||||
debug_print(mod_aes_icm, "counter: %s",
|
||||
--- a/crypto/include/aes.h
|
||||
+++ a/crypto/include/aes.h
|
||||
@@ -70,7 +70,7 @@ aes_expand_decryption_key(const uint8_t *key,
|
||||
aes_expanded_key_t *expanded_key);
|
||||
|
||||
void
|
||||
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
|
||||
+srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
|
||||
|
||||
void
|
||||
aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
|
||||
--- a/crypto/rng/prng.c
|
||||
+++ a/crypto/rng/prng.c
|
||||
@@ -108,7 +108,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
|
||||
v128_copy(&buffer, &x917_prng.state);
|
||||
|
||||
/* apply aes to buffer */
|
||||
- aes_encrypt(&buffer, &x917_prng.key);
|
||||
+ srtp_aes_encrypt(&buffer, &x917_prng.key);
|
||||
|
||||
/* write data to output */
|
||||
*dest++ = buffer.v8[0];
|
||||
@@ -132,7 +132,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
|
||||
buffer.v32[0] ^= t;
|
||||
|
||||
/* encrypt buffer */
|
||||
- aes_encrypt(&buffer, &x917_prng.key);
|
||||
+ srtp_aes_encrypt(&buffer, &x917_prng.key);
|
||||
|
||||
/* copy buffer into state */
|
||||
v128_copy(&x917_prng.state, &buffer);
|
||||
@@ -150,7 +150,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
|
||||
v128_copy(&buffer, &x917_prng.state);
|
||||
|
||||
/* apply aes to buffer */
|
||||
- aes_encrypt(&buffer, &x917_prng.key);
|
||||
+ srtp_aes_encrypt(&buffer, &x917_prng.key);
|
||||
|
||||
/* write data to output */
|
||||
for (i=0; i < tail_len; i++) {
|
||||
@@ -163,7 +163,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
|
||||
buffer.v32[0] ^= t;
|
||||
|
||||
/* encrypt buffer */
|
||||
- aes_encrypt(&buffer, &x917_prng.key);
|
||||
+ srtp_aes_encrypt(&buffer, &x917_prng.key);
|
||||
|
||||
/* copy buffer into state */
|
||||
v128_copy(&x917_prng.state, &buffer);
|
||||
--- a/crypto/test/aes_calc.c
|
||||
+++ a/crypto/test/aes_calc.c
|
||||
@@ -105,7 +105,7 @@ main (int argc, char *argv[]) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
- aes_encrypt(&data, &exp_key);
|
||||
+ srtp_aes_encrypt(&data, &exp_key);
|
||||
|
||||
/* write ciphertext to output */
|
||||
if (verbose) {
|
||||
--- a/tables/aes_tables.c
|
||||
+++ a/tables/aes_tables.c
|
||||
@@ -294,7 +294,7 @@ main(void) {
|
||||
|
||||
#if AES_INVERSE_TEST
|
||||
/*
|
||||
- * test that aes_encrypt and aes_decrypt are actually
|
||||
+ * test that srtp_aes_encrypt and aes_decrypt are actually
|
||||
* inverses of each other
|
||||
*/
|
||||
|
||||
@@ -331,7 +331,7 @@ aes_test_inverse(void) {
|
||||
v128_copy_octet_string(&x, plaintext);
|
||||
aes_expand_encryption_key(k, expanded_key);
|
||||
aes_expand_decryption_key(k, decrypt_key);
|
||||
- aes_encrypt(&x, expanded_key);
|
||||
+ srtp_aes_encrypt(&x, expanded_key);
|
||||
aes_decrypt(&x, decrypt_key);
|
||||
|
||||
/* compare to expected value then report */
|
@ -3,7 +3,7 @@
|
||||
|
||||
Name: lib%{shortname}
|
||||
Version: 1.4.4
|
||||
Release: 9.%{cvsver}%{?dist}
|
||||
Release: 10.%{cvsver}%{?dist}
|
||||
Summary: An implementation of the Secure Real-time Transport Protocol (SRTP)
|
||||
Group: System Environment/Libraries
|
||||
License: BSD
|
||||
@ -21,6 +21,8 @@ Source2: config.h
|
||||
# And how does Chromium always manage to find these projects and use them?
|
||||
Patch0: libsrtp-1.4.4-shared.patch
|
||||
Patch1: libsrtp-1.4.4-CVE20132139.patch
|
||||
Patch2: libsrtp-srtp_aes_encrypt.patch
|
||||
Patch3: libsrtp-sha1-name-fix.patch
|
||||
|
||||
%description
|
||||
This package provides an implementation of the Secure Real-time
|
||||
@ -41,6 +43,8 @@ developing applications that use %{name}.
|
||||
%setup -q -n %{shortname}
|
||||
%patch0 -p1 -b .shared
|
||||
%patch1 -p1 -b .CVE20132139
|
||||
%patch2 -p1 -b .srtp_aes_encrypt
|
||||
%patch3 -p1 -b .sha1-name-fix
|
||||
|
||||
# Fix end-of-line encoding
|
||||
sed -i 's/\r//g' doc/draft-irtf-cfrg-icm-00.txt
|
||||
@ -91,6 +95,9 @@ cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h
|
||||
%{_libdir}/*.so
|
||||
|
||||
%changelog
|
||||
* Mon Feb 10 2014 Tom Callaway <spot@fedoraproject.org> - 1.4.4-10.20101004cvs
|
||||
- rename internal functions to avoid conflicts (bz 956340)
|
||||
|
||||
* Mon Dec 30 2013 Tom Callaway <spot@fedoraproject.org> - 1.4.4-9.20101004cvs
|
||||
- apply fix for CVE-2013-2139 from https://github.com/cisco/libsrtp/pull/27
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user