rpms/libsrtp
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8s
Branches Tags
rpms:c8s
rpms:c10s
rpms:c9
rpms:c9-beta
rpms:c9s
rpms:c8-beta
rpms:c8
rpms:imports/c10s/libsrtp-2.3.0-16.el10
rpms:imports/c10s/libsrtp-2.3.0-15.el10
rpms:imports/c9/libsrtp-2.3.0-8.el9
rpms:imports/c9-beta/libsrtp-2.3.0-8.el9
rpms:imports/c9/libsrtp-2.3.0-7.el9
rpms:imports/c9-beta/libsrtp-2.3.0-7.el9
rpms:imports/c8-beta/libsrtp-1.5.4-8.el8
rpms:imports/c8/libsrtp-1.5.4-8.el8
rpms:imports/c8s/libsrtp-1.5.4-8.el8
...
pull from: rpms:c10s
Branches Tags
rpms:c10s
rpms:c9
rpms:c9-beta
rpms:c8s
rpms:c9s
rpms:c8-beta
rpms:c8
rpms:imports/c10s/libsrtp-2.3.0-16.el10
rpms:imports/c10s/libsrtp-2.3.0-15.el10
rpms:imports/c9/libsrtp-2.3.0-8.el9
rpms:imports/c9-beta/libsrtp-2.3.0-8.el9
rpms:imports/c9/libsrtp-2.3.0-7.el9
rpms:imports/c9-beta/libsrtp-2.3.0-7.el9
rpms:imports/c8-beta/libsrtp-1.5.4-8.el8
rpms:imports/c8/libsrtp-1.5.4-8.el8
rpms:imports/c8s/libsrtp-1.5.4-8.el8

No commits in common. "c8s" and "c10s" have entirely different histories.
c8s ... c10s

9 changed files with 198 additions and 537 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
/srtp-1.4.4-20101004cvs.tar.bz2 /srtp-1.4.4-20101004cvs.tar.bz2
/v1.5.0.tar.gz /v1.5.0.tar.gz
/v1.5.4.tar.gz /v1.5.4.tar.gz
/v2.3.0.tar.gz

502
0001-Changes-for-OpenSSL-1.1.0-compatibility.patch
View File

@ -1,502 +0,0 @@
From b1858f6b5fa33b9ef9eeea1f6152185d54bba323 Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Mon, 3 Sep 2018 13:19:44 +0200
Subject: [PATCH] Changes for OpenSSL 1.1.0 compatibility
---
crypto/cipher/aes_gcm_ossl.c | 36 +++++----
crypto/cipher/aes_icm_ossl.c | 18 +++--
crypto/hash/hmac_ossl.c | 135 ++++++++++++----------------------
crypto/include/aes_gcm_ossl.h | 2 +-
crypto/include/aes_icm_ossl.h | 2 +-
crypto/include/sha1.h | 14 ++--
6 files changed, 89 insertions(+), 118 deletions(-)
diff --git a/crypto/cipher/aes_gcm_ossl.c b/crypto/cipher/aes_gcm_ossl.c
index dce2a33..943dbd5 100644
--- a/crypto/cipher/aes_gcm_ossl.c
+++ b/crypto/cipher/aes_gcm_ossl.c
@@ -116,6 +116,13 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
(*c)->state = allptr + sizeof(cipher_t);
gcm = (aes_gcm_ctx_t *)(*c)->state;
+ gcm->ctx = EVP_CIPHER_CTX_new();
+ if (gcm->ctx == NULL) {
+ crypto_free(*c);
+ *c = NULL;
+ return (err_status_alloc_fail);
+ }
+
/* increment ref_count */
switch (key_len) {
case AES_128_GCM_KEYSIZE_WSALT:
@@ -136,7 +143,6 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
/* set key size */
(*c)->key_len = key_len;
- EVP_CIPHER_CTX_init(&gcm->ctx);
return (err_status_ok);
}
@@ -151,7 +157,7 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
ctx = (aes_gcm_ctx_t*)c->state;
if (ctx) {
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
+ EVP_CIPHER_CTX_free(ctx->ctx);
/* decrement ref_count for the appropriate engine */
switch (ctx->key_size) {
case AES_256_KEYSIZE:
@@ -197,7 +203,7 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key));
- EVP_CIPHER_CTX_cleanup(&c->ctx);
+ EVP_CIPHER_CTX_cleanup(c->ctx);
return (err_status_ok);
}
@@ -231,19 +237,19 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
break;
}
- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
+ if (!EVP_CipherInit_ex(c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
NULL, (c->dir == direction_encrypt ? 1 : 0))) {
return (err_status_init_fail);
}
/* set IV len and the IV value, the followiong 3 calls are required */
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
return (err_status_init_fail);
}
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
return (err_status_init_fail);
}
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
return (err_status_init_fail);
}
@@ -267,9 +273,9 @@ err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad,
* Set dummy tag, OpenSSL requires the Tag to be set before
* processing AAD
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
- rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len);
+ rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);
if (rv != aad_len) {
return (err_status_algo_fail);
} else {
@@ -295,7 +301,7 @@ err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf,
/*
* Encrypt the data
*/
- EVP_Cipher(&c->ctx, buf, buf, *enc_len);
+ EVP_Cipher(c->ctx, buf, buf, *enc_len);
return (err_status_ok);
}
@@ -317,12 +323,12 @@ err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf,
/*
* Calculate the tag
*/
- EVP_Cipher(&c->ctx, NULL, NULL, 0);
+ EVP_Cipher(c->ctx, NULL, NULL, 0);
/*
* Retreive the tag
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
/*
* Increase encryption length by desired tag size
@@ -351,14 +357,14 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf,
/*
* Set the tag before decrypting
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
buf + (*enc_len - c->tag_len));
- EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len);
+ EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len);
/*
* Check the tag
*/
- if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) {
+ if (EVP_Cipher(c->ctx, NULL, NULL, 0)) {
return (err_status_auth_fail);
}
diff --git a/crypto/cipher/aes_icm_ossl.c b/crypto/cipher/aes_icm_ossl.c
index eb58539..1ddd39e 100644
--- a/crypto/cipher/aes_icm_ossl.c
+++ b/crypto/cipher/aes_icm_ossl.c
@@ -143,6 +143,13 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
(*c)->state = allptr + sizeof(cipher_t);
icm = (aes_icm_ctx_t*)(*c)->state;
+ icm->ctx = EVP_CIPHER_CTX_new();
+ if (icm->ctx == NULL) {
+ crypto_free(*c);
+ *c = NULL;
+ return err_status_alloc_fail;
+ }
+
/* increment ref_count */
switch (key_len) {
case AES_128_KEYSIZE_WSALT:
@@ -169,7 +176,6 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
/* set key size */
(*c)->key_len = key_len;
- EVP_CIPHER_CTX_init(&icm->ctx);
return err_status_ok;
}
@@ -191,7 +197,7 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c)
*/
ctx = (aes_icm_ctx_t*)c->state;
if (ctx != NULL) {
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
+ EVP_CIPHER_CTX_free(ctx->ctx);
/* decrement ref_count for the appropriate engine */
switch (ctx->key_size) {
case AES_256_KEYSIZE:
@@ -271,7 +277,7 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key,
debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key));
debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
- EVP_CIPHER_CTX_cleanup(&c->ctx);
+ EVP_CIPHER_CTX_cleanup(c->ctx);
return err_status_ok;
}
@@ -312,7 +318,7 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
break;
}
- if (!EVP_EncryptInit_ex(&c->ctx, evp,
+ if (!EVP_EncryptInit_ex(c->ctx, evp,
NULL, c->key.v8, c->counter.v8)) {
return err_status_fail;
} else {
@@ -334,12 +340,12 @@ err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsi
debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
- if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) {
+ if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) {
return err_status_cipher_fail;
}
*enc_len = len;
- if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) {
+ if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) {
return err_status_cipher_fail;
}
*enc_len += len;
diff --git a/crypto/hash/hmac_ossl.c b/crypto/hash/hmac_ossl.c
index f62ce57..3f6f97d 100644
--- a/crypto/hash/hmac_ossl.c
+++ b/crypto/hash/hmac_ossl.c
@@ -49,8 +49,10 @@
#include "hmac.h"
#include "alloc.h"
#include <openssl/evp.h>
+#include <openssl/hmac.h>
-#define HMAC_KEYLEN_MAX 20
+#define HMAC_KEYLEN_MAX 20
+#define SHA1_DIGEST_SIZE 20
/* the debug module for authentiation */
@@ -64,8 +66,6 @@ err_status_t
hmac_alloc (auth_t **a, int key_len, int out_len)
{
extern auth_type_t hmac;
- uint8_t *pointer;
- hmac_ctx_t *new_hmac_ctx;
debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
debug_print(mod_hmac, " tag length %d", out_len);
@@ -79,25 +79,28 @@ hmac_alloc (auth_t **a, int key_len, int out_len)
}
/* check output length - should be less than 20 bytes */
- if (out_len > HMAC_KEYLEN_MAX) {
+ if (out_len > SHA1_DIGEST_SIZE) {
return err_status_bad_param;
}
/* allocate memory for auth and hmac_ctx_t structures */
- pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
- if (pointer == NULL) {
+ *a = crypto_alloc(sizeof(auth_t));
+ if (*a == NULL) {
+ return err_status_alloc_fail;
+ }
+
+ (*a)->state = HMAC_CTX_new();
+ if ((*a)->state == NULL) {
+ crypto_free(*a);
+ *a = NULL;
return err_status_alloc_fail;
}
/* set pointers */
- *a = (auth_t*)pointer;
(*a)->type = &hmac;
- (*a)->state = pointer + sizeof(auth_t);
(*a)->out_len = out_len;
(*a)->key_len = key_len;
(*a)->prefix_len = 0;
- new_hmac_ctx = (hmac_ctx_t*)((*a)->state);
- memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t));
/* increment global count of all hmac uses */
hmac.ref_count++;
@@ -109,19 +112,14 @@ err_status_t
hmac_dealloc (auth_t *a)
{
extern auth_type_t hmac;
- hmac_ctx_t *hmac_ctx;
+ HMAC_CTX *hmac_ctx;
- hmac_ctx = (hmac_ctx_t*)a->state;
- if (hmac_ctx->ctx_initialized) {
- EVP_MD_CTX_cleanup(&hmac_ctx->ctx);
- }
- if (hmac_ctx->init_ctx_initialized) {
- EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx);
- }
+ hmac_ctx = (HMAC_CTX*)a->state;
+
+ HMAC_CTX_free(hmac_ctx);
/* zeroize entire state*/
- octet_string_set_to_zero((uint8_t*)a,
- sizeof(hmac_ctx_t) + sizeof(auth_t));
+ octet_string_set_to_zero((uint8_t*)a, sizeof(auth_t));
/* free memory */
crypto_free(a);
@@ -133,109 +131,68 @@ hmac_dealloc (auth_t *a)
}
err_status_t
-hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len)
+hmac_start (hmac_ctx_t *statev)
{
- int i;
- uint8_t ipad[64];
-
- /*
- * check key length - note that we don't support keys larger
- * than 20 bytes yet
- */
- if (key_len > HMAC_KEYLEN_MAX) {
- return err_status_bad_param;
- }
-
- /*
- * set values of ipad and opad by exoring the key into the
- * appropriate constant values
- */
- for (i = 0; i < key_len; i++) {
- ipad[i] = key[i] ^ 0x36;
- state->opad[i] = key[i] ^ 0x5c;
- }
- /* set the rest of ipad, opad to constant values */
- for (; i < sizeof(ipad); i++) {
- ipad[i] = 0x36;
- ((uint8_t*)state->opad)[i] = 0x5c;
- }
-
- debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad)));
+ HMAC_CTX *state = (HMAC_CTX *)statev;
- /* initialize sha1 context */
- sha1_init(&state->init_ctx);
- state->init_ctx_initialized = 1;
+ if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
+ return err_status_auth_fail;
- /* hash ipad ^ key */
- sha1_update(&state->init_ctx, ipad, sizeof(ipad));
- return (hmac_start(state));
+ return err_status_ok;
}
err_status_t
-hmac_start (hmac_ctx_t *state)
+hmac_init (hmac_ctx_t *statev, const uint8_t *key, int key_len)
{
- if (state->ctx_initialized) {
- EVP_MD_CTX_cleanup(&state->ctx);
- }
- if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) {
+ HMAC_CTX *state = (HMAC_CTX *)statev;
+
+ if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
return err_status_auth_fail;
- } else {
- state->ctx_initialized = 1;
- return err_status_ok;
- }
+
+ return err_status_ok;
}
err_status_t
-hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets)
+hmac_update (hmac_ctx_t *statev, const uint8_t *message, int msg_octets)
{
+ HMAC_CTX *state = (HMAC_CTX *)statev;
+
debug_print(mod_hmac, "input: %s",
octet_string_hex_string(message, msg_octets));
- /* hash message into sha1 context */
- sha1_update(&state->ctx, message, msg_octets);
+ if (HMAC_Update(state, message, msg_octets) == 0)
+ return err_status_auth_fail;
return err_status_ok;
}
err_status_t
-hmac_compute (hmac_ctx_t *state, const void *message,
+hmac_compute (hmac_ctx_t *statev, const void *message,
int msg_octets, int tag_len, uint8_t *result)
{
- uint32_t hash_value[5];
- uint32_t H[5];
+ HMAC_CTX *state = (HMAC_CTX *)statev;
+ uint8_t hash_value[SHA1_DIGEST_SIZE];
int i;
+ unsigned int len;
/* check tag length, return error if we can't provide the value expected */
- if (tag_len > HMAC_KEYLEN_MAX) {
+ if (tag_len > SHA1_DIGEST_SIZE) {
return err_status_bad_param;
}
/* hash message, copy output into H */
- sha1_update(&state->ctx, message, msg_octets);
- sha1_final(&state->ctx, H);
-
- /*
- * note that we don't need to debug_print() the input, since the
- * function hmac_update() already did that for us
- */
- debug_print(mod_hmac, "intermediate state: %s",
- octet_string_hex_string((uint8_t*)H, sizeof(H)));
-
- /* re-initialize hash context */
- sha1_init(&state->ctx);
-
- /* hash opad ^ key */
- sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad));
+ if (HMAC_Update(state, message, msg_octets) == 0)
+ return err_status_auth_fail;
- /* hash the result of the inner hash */
- sha1_update(&state->ctx, (uint8_t*)H, sizeof(H));
+ if (HMAC_Final(state, hash_value, &len) == 0)
+ return err_status_auth_fail;
- /* the result is returned in the array hash_value[] */
- sha1_final(&state->ctx, hash_value);
+ if (len < tag_len)
+ return err_status_auth_fail;
/* copy hash_value to *result */
for (i = 0; i < tag_len; i++) {
- result[i] = ((uint8_t*)hash_value)[i];
+ result[i] = hash_value[i];
}
debug_print(mod_hmac, "output: %s",
diff --git a/crypto/include/aes_gcm_ossl.h b/crypto/include/aes_gcm_ossl.h
index 8e7711d..4f49b51 100644
--- a/crypto/include/aes_gcm_ossl.h
+++ b/crypto/include/aes_gcm_ossl.h
@@ -55,7 +55,7 @@ typedef struct {
v256_t key;
int key_size;
int tag_len;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX* ctx;
cipher_direction_t dir;
} aes_gcm_ctx_t;
diff --git a/crypto/include/aes_icm_ossl.h b/crypto/include/aes_icm_ossl.h
index b4ec40a..af23320 100644
--- a/crypto/include/aes_icm_ossl.h
+++ b/crypto/include/aes_icm_ossl.h
@@ -72,7 +72,7 @@ typedef struct {
v128_t offset; /* initial offset value */
v256_t key;
int key_size;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX* ctx;
} aes_icm_ctx_t;
err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir);
diff --git a/crypto/include/sha1.h b/crypto/include/sha1.h
index 2ce53e8..fb5bd95 100644
--- a/crypto/include/sha1.h
+++ b/crypto/include/sha1.h
@@ -56,8 +56,6 @@
#include <openssl/evp.h>
#include <stdint.h>
-typedef EVP_MD_CTX sha1_ctx_t;
-
/*
* sha1_init(&ctx) initializes the SHA1 context ctx
*
@@ -72,23 +70,27 @@ typedef EVP_MD_CTX sha1_ctx_t;
*
*/
+typedef EVP_MD_CTX* sha1_ctx_t;
+
static inline void sha1_init (sha1_ctx_t *ctx)
{
- EVP_MD_CTX_init(ctx);
- EVP_DigestInit(ctx, EVP_sha1());
+ *ctx = EVP_MD_CTX_new();
+ EVP_DigestInit(*ctx, EVP_sha1());
}
static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
{
- EVP_DigestUpdate(ctx, M, octets_in_msg);
+ EVP_DigestUpdate(*ctx, M, octets_in_msg);
}
static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output)
{
unsigned int len = 0;
- EVP_DigestFinal(ctx, (unsigned char*)output, &len);
+ EVP_DigestFinal(*ctx, (unsigned char*)output, &len);
+ EVP_MD_CTX_free(*ctx);
}
+
#else
#include "datatypes.h"
--
2.17.1

2
gating.yaml
View File

@ -1,6 +1,6 @@
--- !Policy --- !Policy
product_versions: product_versions:
- rhel-8 - rhel-10
decision_context: osci_compose_gate decision_context: osci_compose_gate
rules: rules:
- !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional} - !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

24
libsrtp-2.3.0-nss-3.63-fix.patch Normal file
View File

@ -0,0 +1,24 @@
diff -up libsrtp-2.3.0/crypto/include/aes_gcm.h.nssfix libsrtp-2.3.0/crypto/include/aes_gcm.h
--- libsrtp-2.3.0/crypto/include/aes_gcm.h.nssfix 2021-04-15 13:47:08.667150587 -0400
+++ libsrtp-2.3.0/crypto/include/aes_gcm.h 2021-04-15 13:47:26.991294515 -0400
@@ -66,6 +66,8 @@ typedef struct {
#ifdef NSS
+#define NSS_PKCS11_2_0_COMPAT 1
+
#include <nss.h>
#include <pk11pub.h>
diff -up libsrtp-2.3.0/crypto/include/aes_icm_ext.h.nssfix libsrtp-2.3.0/crypto/include/aes_icm_ext.h
--- libsrtp-2.3.0/crypto/include/aes_icm_ext.h.nssfix 2021-04-15 13:47:36.617370124 -0400
+++ libsrtp-2.3.0/crypto/include/aes_icm_ext.h 2021-04-15 13:59:50.074073286 -0400
@@ -65,6 +65,8 @@ typedef struct {
#ifdef NSS
+#define NSS_PKCS11_2_0_COMPAT 1
+
#include <nss.h>
#include <pk11pub.h>

36
libsrtp-2.3.0-shared-fix.patch Normal file
View File

@ -0,0 +1,36 @@
diff -up libsrtp-2.3.0/Makefile.in.sharedfix libsrtp-2.3.0/Makefile.in
--- libsrtp-2.3.0/Makefile.in.sharedfix 2020-01-07 09:48:36.004217062 -0500
+++ libsrtp-2.3.0/Makefile.in 2020-01-07 09:53:08.117725096 -0500
@@ -106,12 +106,14 @@ bindir = @bindir@
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libsrtp2.pc
-SHAREDLIBVERSION = 1
+SHAREDLIBMINIVER = 1
+SHAREDLIBVERSION = $(SHAREDLIBMINIVER).0.0
ifneq (,$(or $(findstring linux,@host@), $(findstring gnu,@host@)))
SHAREDLIB_DIR = $(libdir)
-SHAREDLIB_LDFLAGS = -shared -Wl,-soname,$@
SHAREDLIBSUFFIXNOVER = so
+SHAREDLIBMINISUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBMINIVER)
SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBVERSION)
+SHAREDLIB_LDFLAGS = -shared -Wl,-soname,libsrtp2.$(SHAREDLIBMINISUFFIX)
else ifneq (,$(or $(findstring cygwin,@host@), $(findstring mingw,@host@)))
SHAREDLIB_DIR = $(bindir)
SHAREDLIB_LDFLAGS = -shared -Wl,--out-implib,libsrtp2.dll.a
@@ -166,6 +168,7 @@ libsrtp2.$(SHAREDLIBSUFFIX): $(srtpobj)
$(CC) -shared -o $@ $(SHAREDLIB_LDFLAGS) \
$^ $(LDFLAGS) $(LIBS)
if [ -n "$(SHAREDLIBVERSION)" ]; then \
+ ln -sfn $@ libsrtp2.$(SHAREDLIBMINISUFFIX); \
ln -sfn $@ libsrtp2.$(SHAREDLIBSUFFIXNOVER); \
fi
@@ -288,6 +291,7 @@ install:
cp libsrtp2.$(SHAREDLIBSUFFIXNOVER) $(DESTDIR)$(SHAREDLIB_DIR)/; \
if [ -n "$(SHAREDLIBVERSION)" ]; then \
ln -sfn libsrtp2.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp2.$(SHAREDLIBSUFFIXNOVER); \
+ ln -sfn libsrtp2.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp2.$(SHAREDLIBMINISUFFIX); \
fi; \
fi
$(INSTALL) -d $(DESTDIR)$(pkgconfigdir)

13
libsrtp-2.3.0-shared-test-fix.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up libsrtp-2.3.0/Makefile.in.test-shared libsrtp-2.3.0/Makefile.in
--- libsrtp-2.3.0/Makefile.in.test-shared 2020-10-12 16:00:39.065842309 -0400
+++ libsrtp-2.3.0/Makefile.in 2020-10-12 16:01:11.244097667 -0400
@@ -196,7 +196,7 @@ ifeq (1, $(HAVE_PCAP))
testapp += test/rtp_decoder$(EXE)
endif
-$(testapp): libsrtp2.a
+$(testapp): libsrtp2.$(SHAREDLIBSUFFIX)
test/rtpw$(EXE): test/rtpw.c test/rtp.c test/util.c test/getopt_s.c \
crypto/math/datatypes.c
diff -up libsrtp-2.3.0/Makefile.test-shared libsrtp-2.3.0/Makefile

12
libsrtp-2.3.0-test-util.patch Normal file
View File

@ -0,0 +1,12 @@
diff -r -u libsrtp-2.3.0.orig/test/util.c libsrtp-2.3.0/test/util.c
--- libsrtp-2.3.0.orig/test/util.c 2019-12-23 10:58:25.000000000 +0100
+++ libsrtp-2.3.0/test/util.c 2020-10-09 11:56:31.455502870 +0200
@@ -49,7 +49,7 @@
#include <stdint.h>
/* include space for null terminator */
-char bit_string[MAX_PRINT_STRING_LEN + 1];
+static char bit_string[MAX_PRINT_STRING_LEN + 1];
static inline int hex_char_to_nibble(uint8_t c)
{

143
libsrtp.spec
View File

@ -1,23 +1,24 @@
%global shortname srtp %global shortname srtp
Name: libsrtp Name: libsrtp
Version: 1.5.4 Version: 2.3.0
Release: 8%{?dist} Release: 16%{?dist}
Summary: An implementation of the Secure Real-time Transport Protocol (SRTP) Summary: An implementation of the Secure Real-time Transport Protocol (SRTP)
Group: System Environment/Libraries License: BSD-3-Clause
License: BSD
URL: https://github.com/cisco/libsrtp URL: https://github.com/cisco/libsrtp
Source0: https://github.com/cisco/libsrtp/archive/v%{version}.tar.gz Source0: https://github.com/cisco/libsrtp/archive/v%{version}.tar.gz
# Universal config.h BuildRequires: gcc, nss-devel, libpcap-devel
Source2: config.h BuildRequires: make
BuildRequires: procps-ng
# Fix shared lib so ldconfig doesn't complain # Fix shared lib so ldconfig doesn't complain
Patch0: libsrtp-1.5.4-shared-fix.patch Patch0: libsrtp-2.3.0-shared-fix.patch
Patch1: libsrtp-srtp_aes_encrypt.patch # Fix namespace issue in test/util.c
Patch2: libsrtp-sha1-name-fix.patch Patch1: libsrtp-2.3.0-test-util.patch
Patch3: libsrtp-fix-name-collision-on-MIPS.patch # Link test binaries against shared lib
Patch4: 0001-Changes-for-OpenSSL-1.1.0-compatibility.patch Patch2: libsrtp-2.3.0-shared-test-fix.patch
# Fix issue with NSS 3.63 incompatibility
BuildRequires: openssl-devel >= 1.1.0 # credit to George Joseph
Patch3: libsrtp-2.3.0-nss-3.63-fix.patch
%description %description
This package provides an implementation of the Secure Real-time This package provides an implementation of the Secure Real-time
@ -26,7 +27,6 @@ a supporting cryptographic kernel.
%package devel %package devel
Summary: Development files for %{name} Summary: Development files for %{name}
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig Requires: pkgconfig
@ -34,13 +34,19 @@ Requires: pkgconfig
The %{name}-devel package contains libraries and header files for The %{name}-devel package contains libraries and header files for
developing applications that use %{name}. developing applications that use %{name}.
%package tools
Summary: Tools for testing and decoding SRTP
Requires: %{name}%{?_isa} = %{version}-%{release}
%description tools
Tools for testing and decoding SRTP
%prep %prep
%setup -q -n %{name}-%{version} %setup -q -n %{name}-%{version}
%patch0 -p1 -b .sharedfix %patch 0 -p1 -b .sharedfix
%patch1 -p1 -b .srtp_aes_encrypt %patch 1 -p1 -b .utilfix
%patch2 -p1 -b .sha1-name-fix %patch 2 -p1 -b .test-shared-fix
%patch3 -p1 -b .mips-name-fix %patch 3 -p1 -b .nssfix
%patch4 -p1 -b .4
%if 0%{?rhel} > 0 %if 0%{?rhel} > 0
%ifarch ppc64 %ifarch ppc64
@ -50,35 +56,106 @@ sed -i 's/-z noexecstack//' Makefile.in
%build %build
export CFLAGS="%{optflags} -fPIC" export CFLAGS="%{optflags} -fPIC"
%configure --enable-openssl %configure --enable-nss
make %{?_smp_mflags} shared_library make %{?_smp_mflags} shared_library test
%install %install
make install DESTDIR=%{buildroot} make install DESTDIR=%{buildroot}
find %{buildroot} -name '*.la' -exec rm -f {} ';' find %{buildroot} -name '*.la' -exec rm -f {} ';'
find %{buildroot} -name '*.a' -exec rm -f {} ';'
# Handle multilib issues with config.h install -D -p -m 0755 test/dtls_srtp_driver %{buildroot}%{_bindir}/dtls_srtp_driver
mv %{buildroot}%{_includedir}/%{shortname}/config.h %{buildroot}%{_includedir}/%{shortname}/config-%{__isa_bits}.h install -D -p -m 0755 test/rdbx_driver %{buildroot}%{_bindir}/rdbx_driver
cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h install -D -p -m 0755 test/replay_driver %{buildroot}%{_bindir}/replay_driver
install -D -p -m 0755 test/roc_driver %{buildroot}%{_bindir}/roc_driver
install -D -p -m 0755 test/rtp_decoder %{buildroot}%{_bindir}/rtp_decoder
install -D -p -m 0755 test/rtpw %{buildroot}%{_bindir}/rtpw
install -D -p -m 0755 test/srtp_driver %{buildroot}%{_bindir}/srtp_driver
install -D -p -m 0755 test/test_srtp %{buildroot}%{_bindir}/test_srtp
%post -p /sbin/ldconfig %ldconfig_scriptlets
%postun -p /sbin/ldconfig
%check
# the test code does by default not use the libsrtp we built here, but the one installed on the system
# force LD_LIBRARY_PATH to use the one built in this spec
export LD_LIBRARY_PATH="%{_builddir}/%{name}-%{version}"
sed -i -e 's#LD_LIBRARY_PATH=.*#LD_LIBRARY_PATH=\"%{_builddir}/%{name}-%{version}\"#' test/rtpw_test.sh test/rtpw_test_gcm.sh
make runtest
%files %files
%license LICENSE %license LICENSE
%doc CHANGES README TODO VERSION doc/*.txt doc/*.pdf %doc CHANGES README.md
%{_libdir}/*.so.* %{_libdir}/*.so.*
%files devel %files devel
%{_includedir}/%{shortname}/ %{_includedir}/%{shortname}2/
%{_libdir}/pkgconfig/libsrtp.pc %{_libdir}/pkgconfig/libsrtp2.pc
%{_libdir}/*.so %{_libdir}/*.so
%files tools
%{_bindir}/*
%changelog %changelog
* Mon Sep 03 2018 Wim Taymans <wtaymans@redhat.com> - 1.5.4-8 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.3.0-16
- Port to openssl 1.1.0 - Bump release for October 2024 mass rebuild:
- Build against openssl Resolves: RHEL-64018
- Resolves: rhbz#1618747
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.3.0-15
- Bump release for June 2024 mass rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 07 2023 Wim Taymans <wtaymans@redhat.com> - 2.3.0-11
- add %check (thanks to Gerd v. Egidy) Related: rhbz#2163492
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu Apr 15 2021 Tom Callaway <spot@fedoraproject.org> - 2.3.0-6
- fix NSS incompatibility, thanks to George Joseph
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Oct 12 2020 Tom Callaway <spot@fedoraproject.org> - 2.3.0-4
- add -tools subpackage (thanks to Gerd v. Egidy)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Jan 7 2020 Tom Callaway <spot@fedoraproject.org> - 2.3.0-1
- update to 2.3.0
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jul 23 2018 Tom Callaway <spot@fedoraproject.org> - 1.5.4-9
- add BuildRequires: gcc
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-7 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
SHA512 (v1.5.4.tar.gz) = fcf6a36a0f687a6aa2b245e4055332ae892c953e19ebe3bfb7d091da0a7afbfcb804d9f602bd2d849235b559d3ca7924ee00c7f0da419c23b053b096ef4ccd19 SHA512 (v2.3.0.tar.gz) = 34b1a01cb9a75aed175be09aadd2827224203b9801becc3fbc5214667cce79c3b87b0f59e4315583863ab5a2cc4fc81d56ab604a5e4c984518b8a8a2a7b77461