rpms/libsrtp
7
0
Fork 0
Code Issues Pull Requests Releases Activity

1.5.0

Browse Source
This commit is contained in:
Tom Callaway 2014-11-14 10:27:08 -05:00
parent e22ebf94c6
commit dd5f0f5d88
6 changed files with 163 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
/srtp-1.4.4-20101004cvs.tar.bz2
/v1.5.0.tar.gz

77
libsrtp-1.5.0-shared.patch Normal file
View File

@ -0,0 +1,77 @@
diff -up libsrtp-1.5.0/Makefile.in.shared libsrtp-1.5.0/Makefile.in
--- libsrtp-1.5.0/Makefile.in.shared 2014-10-13 10:35:33.000000000 -0400
+++ libsrtp-1.5.0/Makefile.in 2014-11-14 10:14:01.604954699 -0500
@@ -113,17 +113,13 @@ kernel = crypto/kernel/crypto_kernel.o
cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(replay)
-# libsrtp.a (implements srtp processing)
+# libsrtp (implements srtp processing)
srtpobj = srtp/srtp.o srtp/ekt.o
-libsrtp.a: $(srtpobj) $(cryptobj) $(gdoi)
- ar cr libsrtp.a $^
- $(RANLIB) libsrtp.a
-
-libsrtp.so: $(srtpobj) $(cryptobj) $(gdoi)
- $(CC) -shared -Wl,-soname,libsrtp.so \
- -o libsrtp.so $^ $(LDFLAGS)
+libsrtp.so: $(srtpobj) $(cryptobj) $(gdoi)
+ $(COMPILE) -shared -pthread -lm -Wl,--no-undefined -Wl,-soname,$@.1 -z noexecstack -o $@.1.0.0 $^
+ ln -s $@.1.0.0 $@
# libcryptomath.a contains general-purpose routines that are used to
# generate tables and verify cryptoalgorithm implementations - this
@@ -150,19 +146,19 @@ testapp = $(crypto_testapp) test/srtp_dr
test/roc_driver$(EXE) test/rdbx_driver$(EXE) test/rtpw$(EXE) \
test/dtls_srtp_driver$(EXE)
-$(testapp): libsrtp.a
+$(testapp): libsrtp.so
test/rtpw$(EXE): test/rtpw.c test/rtp.c test/getopt_s.c
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+ $(COMPILE) $(LDFLAGS) -o $@ test/rtpw.c test/rtp.c test/getopt_s.c $(LIBS) $(SRTPLIB)
test/srtp_driver$(EXE): test/srtp_driver.c test/getopt_s.c
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+ $(COMPILE) $(LDFLAGS) -o $@ test/srtp_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB)
test/rdbx_driver$(EXE): test/rdbx_driver.c test/getopt_s.c
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+ $(COMPILE) $(LDFLAGS) -o $@ test/rdbx_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB)
test/dtls_srtp_driver$(EXE): test/dtls_srtp_driver.c test/getopt_s.c
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+ $(COMPILE) $(LDFLAGS) -o $@ test/dtls_srtp_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB)
test: $(testapp)
@echo "Build done. Please run '$(MAKE) runtest' to run self tests."
@@ -220,7 +216,7 @@ install:
cp $(srcdir)/include/*.h $(DESTDIR)$(includedir)/srtp
cp $(srcdir)/crypto/include/*.h $(DESTDIR)$(includedir)/srtp
if [ "$(srcdir)" != "." ]; then cp crypto/include/*.h $(DESTDIR)$(includedir)/srtp; fi
- if [ -f libsrtp.a ]; then cp libsrtp.a $(DESTDIR)$(libdir)/; fi
+ if [ -f libsrtp.so.0.0.0 ]; then cp libsrtp.so.0.0.0 $(DESTDIR)$(libdir)/; fi
if [ -f libsrtp.so ]; then cp libsrtp.so $(DESTDIR)$(libdir)/; fi
if [ "$(pkgconfig_DATA)" != "" ]; then \
$(INSTALL) -d $(DESTDIR)$(pkgconfigdir); \
@@ -229,7 +225,7 @@ install:
uninstall:
rm -f $(DESTDIR)$(includedir)/srtp/*.h
- rm -f $(DESTDIR)$(libdir)/libsrtp.a
+ rm -f $(DESTDIR)$(libdir)/libsrtp.so*
rm -f $(DESTDIR)$(libdir)/libsrtp.so
-rmdir $(DESTDIR)$(includedir)/srtp
if [ "$(pkgconfig_DATA)" != "" ]; then \
@@ -238,7 +234,7 @@ uninstall:
clean:
rm -rf $(cryptobj) $(srtpobj) $(cryptomath) TAGS \
- libcryptomath.a libsrtp.a libsrtp.so core *.core test/core
+ libcryptomath.a libsrtp.so* core *.core test/core
for a in * */* */*/*; do \
if [ -f "$$a~" ] ; then rm -f $$a~; fi; \
done;

52
libsrtp-sha1-name-fix.patch
View File

@ -1,6 +1,7 @@
--- a/crypto/hash/hmac.c
+++ a/crypto/hash/hmac.c
@@ -137,10 +137,10 @@ hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len) {
diff -rup libsrtp-1.5.0/crypto/hash/hmac.c libsrtp-1.5.0/crypto/hash/hmac.c
--- libsrtp-1.5.0/crypto/hash/hmac.c 2014-10-13 10:35:33.000000000 -0400
+++ libsrtp-1.5.0/crypto/hash/hmac.c 2014-10-31 09:15:20.666474444 -0400
@@ -141,10 +141,10 @@ hmac_init(hmac_ctx_t *state, const uint8
debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64));
/* initialize sha1 context */
@ -13,7 +14,7 @@
memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t));
return err_status_ok;
@@ -161,7 +161,7 @@ hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets) {
@@ -165,7 +165,7 @@ hmac_update(hmac_ctx_t *state, const uin
octet_string_hex_string(message, msg_octets));
/* hash message into sha1 context */
@ -22,7 +23,7 @@
return err_status_ok;
}
@@ -179,7 +179,7 @@ hmac_compute(hmac_ctx_t *state, const void *message,
@@ -183,7 +183,7 @@ hmac_compute(hmac_ctx_t *state, const vo
/* hash message, copy output into H */
hmac_update(state, (const uint8_t*)message, msg_octets);
@ -31,7 +32,7 @@
/*
* note that we don't need to debug_print() the input, since the
@@ -189,16 +189,16 @@ hmac_compute(hmac_ctx_t *state, const void *message,
@@ -193,16 +193,16 @@ hmac_compute(hmac_ctx_t *state, const vo
octet_string_hex_string((uint8_t *)H, 20));
/* re-initialize hash context */
@ -52,9 +53,10 @@
/* copy hash_value to *result */
for (i=0; i < tag_len; i++)
--- a/crypto/hash/sha1.c
+++ a/crypto/hash/sha1.c
@@ -74,12 +74,12 @@ uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt for 40 <= t <= 59 */
diff -rup libsrtp-1.5.0/crypto/hash/sha1.c libsrtp-1.5.0/crypto/hash/sha1.c
--- libsrtp-1.5.0/crypto/hash/sha1.c 2014-10-13 10:35:33.000000000 -0400
+++ libsrtp-1.5.0/crypto/hash/sha1.c 2014-10-31 09:15:20.667474449 -0400
@@ -77,12 +77,12 @@ uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt fo
uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */
void
@ -71,7 +73,7 @@
}
@@ -96,7 +96,7 @@ sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
@@ -99,7 +99,7 @@ sha1(const uint8_t *msg, int octets_in_
*/
void
@ -80,7 +82,7 @@
uint32_t H0;
uint32_t H1;
uint32_t H2;
@@ -183,7 +183,7 @@ sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
@@ -186,7 +186,7 @@ sha1_core(const uint32_t M[16], uint32_t
}
void
@ -89,7 +91,7 @@
/* initialize state vector */
ctx->H[0] = 0x67452301;
@@ -201,7 +201,7 @@ sha1_init(sha1_ctx_t *ctx) {
@@ -204,7 +204,7 @@ sha1_init(sha1_ctx_t *ctx) {
}
void
@ -98,7 +100,7 @@
int i;
uint8_t *buf = (uint8_t *)ctx->M;
@@ -226,7 +226,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
@@ -229,7 +229,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8
debug_print(mod_sha1, "(update) running sha1_core()", NULL);
@ -107,7 +109,7 @@
} else {
@@ -249,7 +249,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
@@ -252,7 +252,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8
*/
void
@ -116,9 +118,10 @@
uint32_t A, B, C, D, E, TEMP;
uint32_t W[80];
int i, t;
--- a/crypto/include/sha1.h
+++ a/crypto/include/sha1.h
@@ -65,7 +65,7 @@ typedef struct {
diff -rup libsrtp-1.5.0/crypto/include/sha1.h libsrtp-1.5.0/crypto/include/sha1.h
--- libsrtp-1.5.0/crypto/include/sha1.h 2014-10-13 10:35:33.000000000 -0400
+++ libsrtp-1.5.0/crypto/include/sha1.h 2014-10-31 09:16:10.367733196 -0400
@@ -103,7 +103,7 @@ typedef struct {
*/
void
@ -127,7 +130,7 @@
/*
* sha1_init(&ctx) initializes the SHA1 context ctx
@@ -79,13 +79,13 @@ sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]);
@@ -117,13 +117,13 @@ sha1(const uint8_t *message, int octets
*/
void
@ -144,17 +147,19 @@
/*
* The sha1_core function is INTERNAL to SHA-1, but it is declared
@@ -103,6 +103,6 @@ sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
@@ -141,7 +141,7 @@ sha1_final(sha1_ctx_t *ctx, uint32_t out
*/
void
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
+crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
#endif /* SHA1_H */
--- a/crypto/test/sha1_driver.c
+++ a/crypto/test/sha1_driver.c
@@ -107,9 +107,9 @@ sha1_test_case_validate(const hash_test_case_t *test_case) {
#endif /* else OPENSSL */
diff -rup libsrtp-1.5.0/crypto/test/sha1_driver.c libsrtp-1.5.0/crypto/test/sha1_driver.c
--- libsrtp-1.5.0/crypto/test/sha1_driver.c 2014-10-13 10:35:33.000000000 -0400
+++ libsrtp-1.5.0/crypto/test/sha1_driver.c 2014-10-31 09:15:20.668474454 -0400
@@ -113,9 +113,9 @@ sha1_test_case_validate(const hash_test_
if (test_case->data_len > MAX_HASH_DATA_LEN)
return err_status_bad_param;
@ -167,4 +172,3 @@
if (0 == memcmp(test_case->hash, hash_value, 20)) {
#if VERBOSE
printf("PASSED: reference value: %s\n",

59
libsrtp-srtp_aes_encrypt.patch
View File

@ -1,6 +1,7 @@
--- a/crypto/cipher/aes.c
+++ a/crypto/cipher/aes.c
@@ -1999,7 +1999,7 @@ aes_inv_final_round(v128_t *state, const v128_t *round_key) {
diff -rup a/crypto/cipher/aes.c b/crypto/cipher/aes.c
--- a/crypto/cipher/aes.c 2014-10-13 10:35:33.000000000 -0400
+++ b/crypto/cipher/aes.c 2014-10-31 09:25:20.603597823 -0400
@@ -2002,7 +2002,7 @@ aes_inv_final_round(v128_t *state, const
void
@ -9,9 +10,10 @@
/* add in the subkey */
v128_xor_eq(plaintext, &exp_key->round[0]);
--- a/crypto/cipher/aes_cbc.c
+++ a/crypto/cipher/aes_cbc.c
@@ -182,7 +182,7 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c,
diff -rup a/crypto/cipher/aes_cbc.c b/crypto/cipher/aes_cbc.c
--- a/crypto/cipher/aes_cbc.c 2014-10-13 10:35:33.000000000 -0400
+++ b/crypto/cipher/aes_cbc.c 2014-10-31 09:25:20.604597828 -0400
@@ -192,7 +192,7 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c,
debug_print(mod_aes_cbc, "inblock: %s",
v128_hex_string(&c->state));
@ -20,9 +22,10 @@
debug_print(mod_aes_cbc, "outblock: %s",
v128_hex_string(&c->state));
--- a/crypto/cipher/aes_icm.c
+++ a/crypto/cipher/aes_icm.c
@@ -240,7 +240,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
diff -rup a/crypto/cipher/aes_icm.c b/crypto/cipher/aes_icm.c
--- a/crypto/cipher/aes_icm.c 2014-10-13 10:35:33.000000000 -0400
+++ b/crypto/cipher/aes_icm.c 2014-10-31 09:25:20.604597828 -0400
@@ -260,7 +260,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
/* fill keystream buffer, if needed */
if (tail_num) {
v128_copy(&c->keystream_buffer, &c->counter);
@ -31,7 +34,7 @@
c->bytes_in_buffer = sizeof(v128_t);
debug_print(mod_aes_icm, "counter: %s",
@@ -296,7 +296,7 @@ static inline void
@@ -316,7 +316,7 @@ static inline void
aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
/* fill buffer with new keystream */
v128_copy(&c->keystream_buffer, &c->counter);
@ -40,9 +43,10 @@
c->bytes_in_buffer = sizeof(v128_t);
debug_print(mod_aes_icm, "counter: %s",
--- a/crypto/include/aes.h
+++ a/crypto/include/aes.h
@@ -70,7 +70,7 @@ aes_expand_decryption_key(const uint8_t *key,
diff -rup a/crypto/include/aes.h b/crypto/include/aes.h
--- a/crypto/include/aes.h 2014-10-13 10:35:33.000000000 -0400
+++ b/crypto/include/aes.h 2014-10-31 09:25:20.604597828 -0400
@@ -68,7 +68,7 @@ aes_expand_decryption_key(const uint8_t
aes_expanded_key_t *expanded_key);
void
@ -51,9 +55,10 @@
void
aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
--- a/crypto/rng/prng.c
+++ a/crypto/rng/prng.c
@@ -108,7 +108,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
diff -rup a/crypto/rng/prng.c b/crypto/rng/prng.c
--- a/crypto/rng/prng.c 2014-10-13 10:35:33.000000000 -0400
+++ b/crypto/rng/prng.c 2014-10-31 09:25:20.605597833 -0400
@@ -112,7 +112,7 @@ x917_prng_get_octet_string(uint8_t *dest
v128_copy(&buffer, &x917_prng.state);
/* apply aes to buffer */
@ -62,7 +67,7 @@
/* write data to output */
*dest++ = buffer.v8[0];
@@ -132,7 +132,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
@@ -136,7 +136,7 @@ x917_prng_get_octet_string(uint8_t *dest
buffer.v32[0] ^= t;
/* encrypt buffer */
@ -71,7 +76,7 @@
/* copy buffer into state */
v128_copy(&x917_prng.state, &buffer);
@@ -150,7 +150,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
@@ -154,7 +154,7 @@ x917_prng_get_octet_string(uint8_t *dest
v128_copy(&buffer, &x917_prng.state);
/* apply aes to buffer */
@ -80,7 +85,7 @@
/* write data to output */
for (i=0; i < tail_len; i++) {
@@ -163,7 +163,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
@@ -167,7 +167,7 @@ x917_prng_get_octet_string(uint8_t *dest
buffer.v32[0] ^= t;
/* encrypt buffer */
@ -89,9 +94,10 @@
/* copy buffer into state */
v128_copy(&x917_prng.state, &buffer);
--- a/crypto/test/aes_calc.c
+++ a/crypto/test/aes_calc.c
@@ -105,7 +105,7 @@ main (int argc, char *argv[]) {
diff -rup a/crypto/test/aes_calc.c b/crypto/test/aes_calc.c
--- a/crypto/test/aes_calc.c 2014-10-13 10:35:33.000000000 -0400
+++ b/crypto/test/aes_calc.c 2014-10-31 09:25:20.605597833 -0400
@@ -109,7 +109,7 @@ main (int argc, char *argv[]) {
exit(1);
}
@ -100,9 +106,10 @@
/* write ciphertext to output */
if (verbose) {
--- a/tables/aes_tables.c
+++ a/tables/aes_tables.c
@@ -294,7 +294,7 @@ main(void) {
diff -rup a/tables/aes_tables.c b/tables/aes_tables.c
--- a/tables/aes_tables.c 2014-10-13 10:35:33.000000000 -0400
+++ b/tables/aes_tables.c 2014-10-31 09:25:20.605597833 -0400
@@ -298,7 +298,7 @@ main(void) {
#if AES_INVERSE_TEST
/*
@ -111,7 +118,7 @@
* inverses of each other
*/
@@ -331,7 +331,7 @@ aes_test_inverse(void) {
@@ -335,7 +335,7 @@ aes_test_inverse(void) {
v128_copy_octet_string(&x, plaintext);
aes_expand_encryption_key(k, expanded_key);
aes_expand_decryption_key(k, decrypt_key);

42
libsrtp.spec
View File

@ -1,17 +1,13 @@
%global shortname srtp
%global cvsver 20101004cvs
Name: lib%{shortname}
Version: 1.4.4
Release: 13.%{cvsver}%{?dist}
Name: libsrtp
Version: 1.5.0
Release: 1%{?dist}
Summary: An implementation of the Secure Real-time Transport Protocol (SRTP)
Group: System Environment/Libraries
License: BSD
URL: http://srtp.sourceforge.net
# Upstream 1.4.4 tarball is a bit dated, need to use cvs
# cvs -d:pserver:anonymous@srtp.cvs.sourceforge.net:/cvsroot/srtp co -P srtp
# tar cvfj srtp-1.4.4-20101004cvs.tar.bz2 srtp/
Source0: %{shortname}-%{version}-%{cvsver}.tar.bz2
URL: https://github.com/cisco/libsrtp
Source0: https://github.com/cisco/libsrtp/archive/v%{version}.tar.gz
# Pkgconfig goodness
Source1: libsrtp.pc
# Universal config.h
@ -19,10 +15,9 @@ Source2: config.h
# Seriously. Who doesn't do shared libs these days?
# And how does Chromium always manage to find these projects and use them?
Patch0: libsrtp-1.4.4-shared.patch
Patch1: libsrtp-1.4.4-CVE20132139.patch
Patch2: libsrtp-srtp_aes_encrypt.patch
Patch3: libsrtp-sha1-name-fix.patch
Patch0: libsrtp-1.5.0-shared.patch
Patch1: libsrtp-srtp_aes_encrypt.patch
Patch2: libsrtp-sha1-name-fix.patch
%description
This package provides an implementation of the Secure Real-time
@ -40,11 +35,10 @@ The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%prep
%setup -q -n %{shortname}
%setup -q -n %{name}-%{version}
%patch0 -p1 -b .shared
%patch1 -p1 -b .CVE20132139
%patch2 -p1 -b .srtp_aes_encrypt
%patch3 -p1 -b .sha1-name-fix
%patch1 -p1 -b .srtp_aes_encrypt
%patch2 -p1 -b .sha1-name-fix
# Fix end-of-line encoding
sed -i 's/\r//g' doc/draft-irtf-cfrg-icm-00.txt
@ -57,15 +51,16 @@ sed -i 's/-z noexecstack//' Makefile.in
%build
export CFLAGS="%{optflags} -fPIC"
%configure --disable-static
%configure
make %{?_smp_mflags}
%install
make install DESTDIR=%{buildroot}
find %{buildroot} -name '*.la' -exec rm -f {} ';'
pushd %{buildroot}%{_libdir}
ln -sf libsrtp.so.0.0.0 libsrtp.so
ln -sf libsrtp.so.0.0.0 libsrtp.so.0
mv libsrtp.so libsrtp.so.1.0.0
ln -sf libsrtp.so.1.0.0. libsrtp.so
ln -sf libsrtp.so.1.0.0 libsrtp.so.1
popd
# Install the pkg-config file
@ -95,6 +90,13 @@ cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h
%{_libdir}/*.so
%changelog
* Fri Nov 14 2014 Tom Callaway <spot@fedoraproject.org>
- api changes between 1.4.4 and 1.5.0, bump sover to 1.0.0
- fix linking issue to make proper libsrtp.so.1
* Fri Oct 31 2014 Leif Madsen <leif@leifmadsen.com> - 1.5.0-1
- Update for 1.5.0 release.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.4-13.20101004cvs
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
160479555f5e95027ad318605c1c670c srtp-1.4.4-20101004cvs.tar.bz2
ec49ba558b4fd056114df2c76935aa8e v1.5.0.tar.gz