rpms
/
libsrtp
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8s
Branches Tags
rpms:c8s
rpms:c9
rpms:c9-beta
rpms:c9s
rpms:c8-beta
rpms:c8
rpms:imports/c9/libsrtp-2.3.0-8.el9
rpms:imports/c9-beta/libsrtp-2.3.0-8.el9
rpms:imports/c9/libsrtp-2.3.0-7.el9
rpms:imports/c9-beta/libsrtp-2.3.0-7.el9
rpms:imports/c8-beta/libsrtp-1.5.4-8.el8
rpms:imports/c8/libsrtp-1.5.4-8.el8
rpms:imports/c8s/libsrtp-1.5.4-8.el8
...
pull from: rpms:c9
Branches Tags
rpms:c9
rpms:c9-beta
rpms:c9s
rpms:c8-beta
rpms:c8
rpms:c8s
rpms:imports/c9/libsrtp-2.3.0-8.el9
rpms:imports/c9-beta/libsrtp-2.3.0-8.el9
rpms:imports/c9/libsrtp-2.3.0-7.el9
rpms:imports/c9-beta/libsrtp-2.3.0-7.el9
rpms:imports/c8-beta/libsrtp-1.5.4-8.el8
rpms:imports/c8/libsrtp-1.5.4-8.el8
rpms:imports/c8s/libsrtp-1.5.4-8.el8

No commits in common. "c8s" and "c9" have entirely different histories.
c8s ... c9

13 changed files with 163 additions and 946 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/v1.5.4.tar.gz
SOURCES/v2.3.0.tar.gz

2
.libsrtp.metadata
View File

@ -1 +1 @@
568030da728a03b1d39d3dc1a5c31c3228fa73d5 SOURCES/v1.5.4.tar.gz
263a45a82cb1acb1a6c7beef64def31949496a02 SOURCES/v2.3.0.tar.gz

502
SOURCES/0001-Changes-for-OpenSSL-1.1.0-compatibility.patch
View File

@ -1,502 +0,0 @@
From b1858f6b5fa33b9ef9eeea1f6152185d54bba323 Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Mon, 3 Sep 2018 13:19:44 +0200
Subject: [PATCH] Changes for OpenSSL 1.1.0 compatibility
---
crypto/cipher/aes_gcm_ossl.c | 36 +++++----
crypto/cipher/aes_icm_ossl.c | 18 +++--
crypto/hash/hmac_ossl.c | 135 ++++++++++++----------------------
crypto/include/aes_gcm_ossl.h | 2 +-
crypto/include/aes_icm_ossl.h | 2 +-
crypto/include/sha1.h | 14 ++--
6 files changed, 89 insertions(+), 118 deletions(-)
diff --git a/crypto/cipher/aes_gcm_ossl.c b/crypto/cipher/aes_gcm_ossl.c
index dce2a33..943dbd5 100644
--- a/crypto/cipher/aes_gcm_ossl.c
+++ b/crypto/cipher/aes_gcm_ossl.c
@@ -116,6 +116,13 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
(*c)->state = allptr + sizeof(cipher_t);
gcm = (aes_gcm_ctx_t *)(*c)->state;
+ gcm->ctx = EVP_CIPHER_CTX_new();
+ if (gcm->ctx == NULL) {
+ crypto_free(*c);
+ *c = NULL;
+ return (err_status_alloc_fail);
+ }
+
/* increment ref_count */
switch (key_len) {
case AES_128_GCM_KEYSIZE_WSALT:
@@ -136,7 +143,6 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
/* set key size */
(*c)->key_len = key_len;
- EVP_CIPHER_CTX_init(&gcm->ctx);
return (err_status_ok);
}
@@ -151,7 +157,7 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
ctx = (aes_gcm_ctx_t*)c->state;
if (ctx) {
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
+ EVP_CIPHER_CTX_free(ctx->ctx);
/* decrement ref_count for the appropriate engine */
switch (ctx->key_size) {
case AES_256_KEYSIZE:
@@ -197,7 +203,7 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key));
- EVP_CIPHER_CTX_cleanup(&c->ctx);
+ EVP_CIPHER_CTX_cleanup(c->ctx);
return (err_status_ok);
}
@@ -231,19 +237,19 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
break;
}
- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
+ if (!EVP_CipherInit_ex(c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
NULL, (c->dir == direction_encrypt ? 1 : 0))) {
return (err_status_init_fail);
}
/* set IV len and the IV value, the followiong 3 calls are required */
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
return (err_status_init_fail);
}
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
return (err_status_init_fail);
}
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
return (err_status_init_fail);
}
@@ -267,9 +273,9 @@ err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad,
* Set dummy tag, OpenSSL requires the Tag to be set before
* processing AAD
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
- rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len);
+ rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);
if (rv != aad_len) {
return (err_status_algo_fail);
} else {
@@ -295,7 +301,7 @@ err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf,
/*
* Encrypt the data
*/
- EVP_Cipher(&c->ctx, buf, buf, *enc_len);
+ EVP_Cipher(c->ctx, buf, buf, *enc_len);
return (err_status_ok);
}
@@ -317,12 +323,12 @@ err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf,
/*
* Calculate the tag
*/
- EVP_Cipher(&c->ctx, NULL, NULL, 0);
+ EVP_Cipher(c->ctx, NULL, NULL, 0);
/*
* Retreive the tag
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
/*
* Increase encryption length by desired tag size
@@ -351,14 +357,14 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf,
/*
* Set the tag before decrypting
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
buf + (*enc_len - c->tag_len));
- EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len);
+ EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len);
/*
* Check the tag
*/
- if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) {
+ if (EVP_Cipher(c->ctx, NULL, NULL, 0)) {
return (err_status_auth_fail);
}
diff --git a/crypto/cipher/aes_icm_ossl.c b/crypto/cipher/aes_icm_ossl.c
index eb58539..1ddd39e 100644
--- a/crypto/cipher/aes_icm_ossl.c
+++ b/crypto/cipher/aes_icm_ossl.c
@@ -143,6 +143,13 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
(*c)->state = allptr + sizeof(cipher_t);
icm = (aes_icm_ctx_t*)(*c)->state;
+ icm->ctx = EVP_CIPHER_CTX_new();
+ if (icm->ctx == NULL) {
+ crypto_free(*c);
+ *c = NULL;
+ return err_status_alloc_fail;
+ }
+
/* increment ref_count */
switch (key_len) {
case AES_128_KEYSIZE_WSALT:
@@ -169,7 +176,6 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
/* set key size */
(*c)->key_len = key_len;
- EVP_CIPHER_CTX_init(&icm->ctx);
return err_status_ok;
}
@@ -191,7 +197,7 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c)
*/
ctx = (aes_icm_ctx_t*)c->state;
if (ctx != NULL) {
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
+ EVP_CIPHER_CTX_free(ctx->ctx);
/* decrement ref_count for the appropriate engine */
switch (ctx->key_size) {
case AES_256_KEYSIZE:
@@ -271,7 +277,7 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key,
debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key));
debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
- EVP_CIPHER_CTX_cleanup(&c->ctx);
+ EVP_CIPHER_CTX_cleanup(c->ctx);
return err_status_ok;
}
@@ -312,7 +318,7 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
break;
}
- if (!EVP_EncryptInit_ex(&c->ctx, evp,
+ if (!EVP_EncryptInit_ex(c->ctx, evp,
NULL, c->key.v8, c->counter.v8)) {
return err_status_fail;
} else {
@@ -334,12 +340,12 @@ err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsi
debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
- if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) {
+ if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) {
return err_status_cipher_fail;
}
*enc_len = len;
- if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) {
+ if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) {
return err_status_cipher_fail;
}
*enc_len += len;
diff --git a/crypto/hash/hmac_ossl.c b/crypto/hash/hmac_ossl.c
index f62ce57..3f6f97d 100644
--- a/crypto/hash/hmac_ossl.c
+++ b/crypto/hash/hmac_ossl.c
@@ -49,8 +49,10 @@
#include "hmac.h"
#include "alloc.h"
#include <openssl/evp.h>
+#include <openssl/hmac.h>
-#define HMAC_KEYLEN_MAX 20
+#define HMAC_KEYLEN_MAX 20
+#define SHA1_DIGEST_SIZE 20
/* the debug module for authentiation */
@@ -64,8 +66,6 @@ err_status_t
hmac_alloc (auth_t **a, int key_len, int out_len)
{
extern auth_type_t hmac;
- uint8_t *pointer;
- hmac_ctx_t *new_hmac_ctx;
debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
debug_print(mod_hmac, " tag length %d", out_len);
@@ -79,25 +79,28 @@ hmac_alloc (auth_t **a, int key_len, int out_len)
}
/* check output length - should be less than 20 bytes */
- if (out_len > HMAC_KEYLEN_MAX) {
+ if (out_len > SHA1_DIGEST_SIZE) {
return err_status_bad_param;
}
/* allocate memory for auth and hmac_ctx_t structures */
- pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
- if (pointer == NULL) {
+ *a = crypto_alloc(sizeof(auth_t));
+ if (*a == NULL) {
+ return err_status_alloc_fail;
+ }
+
+ (*a)->state = HMAC_CTX_new();
+ if ((*a)->state == NULL) {
+ crypto_free(*a);
+ *a = NULL;
return err_status_alloc_fail;
}
/* set pointers */
- *a = (auth_t*)pointer;
(*a)->type = &hmac;
- (*a)->state = pointer + sizeof(auth_t);
(*a)->out_len = out_len;
(*a)->key_len = key_len;
(*a)->prefix_len = 0;
- new_hmac_ctx = (hmac_ctx_t*)((*a)->state);
- memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t));
/* increment global count of all hmac uses */
hmac.ref_count++;
@@ -109,19 +112,14 @@ err_status_t
hmac_dealloc (auth_t *a)
{
extern auth_type_t hmac;
- hmac_ctx_t *hmac_ctx;
+ HMAC_CTX *hmac_ctx;
- hmac_ctx = (hmac_ctx_t*)a->state;
- if (hmac_ctx->ctx_initialized) {
- EVP_MD_CTX_cleanup(&hmac_ctx->ctx);
- }
- if (hmac_ctx->init_ctx_initialized) {
- EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx);
- }
+ hmac_ctx = (HMAC_CTX*)a->state;
+
+ HMAC_CTX_free(hmac_ctx);
/* zeroize entire state*/
- octet_string_set_to_zero((uint8_t*)a,
- sizeof(hmac_ctx_t) + sizeof(auth_t));
+ octet_string_set_to_zero((uint8_t*)a, sizeof(auth_t));
/* free memory */
crypto_free(a);
@@ -133,109 +131,68 @@ hmac_dealloc (auth_t *a)
}
err_status_t
-hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len)
+hmac_start (hmac_ctx_t *statev)
{
- int i;
- uint8_t ipad[64];
-
- /*
- * check key length - note that we don't support keys larger
- * than 20 bytes yet
- */
- if (key_len > HMAC_KEYLEN_MAX) {
- return err_status_bad_param;
- }
-
- /*
- * set values of ipad and opad by exoring the key into the
- * appropriate constant values
- */
- for (i = 0; i < key_len; i++) {
- ipad[i] = key[i] ^ 0x36;
- state->opad[i] = key[i] ^ 0x5c;
- }
- /* set the rest of ipad, opad to constant values */
- for (; i < sizeof(ipad); i++) {
- ipad[i] = 0x36;
- ((uint8_t*)state->opad)[i] = 0x5c;
- }
-
- debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad)));
+ HMAC_CTX *state = (HMAC_CTX *)statev;
- /* initialize sha1 context */
- sha1_init(&state->init_ctx);
- state->init_ctx_initialized = 1;
+ if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
+ return err_status_auth_fail;
- /* hash ipad ^ key */
- sha1_update(&state->init_ctx, ipad, sizeof(ipad));
- return (hmac_start(state));
+ return err_status_ok;
}
err_status_t
-hmac_start (hmac_ctx_t *state)
+hmac_init (hmac_ctx_t *statev, const uint8_t *key, int key_len)
{
- if (state->ctx_initialized) {
- EVP_MD_CTX_cleanup(&state->ctx);
- }
- if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) {
+ HMAC_CTX *state = (HMAC_CTX *)statev;
+
+ if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
return err_status_auth_fail;
- } else {
- state->ctx_initialized = 1;
- return err_status_ok;
- }
+
+ return err_status_ok;
}
err_status_t
-hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets)
+hmac_update (hmac_ctx_t *statev, const uint8_t *message, int msg_octets)
{
+ HMAC_CTX *state = (HMAC_CTX *)statev;
+
debug_print(mod_hmac, "input: %s",
octet_string_hex_string(message, msg_octets));
- /* hash message into sha1 context */
- sha1_update(&state->ctx, message, msg_octets);
+ if (HMAC_Update(state, message, msg_octets) == 0)
+ return err_status_auth_fail;
return err_status_ok;
}
err_status_t
-hmac_compute (hmac_ctx_t *state, const void *message,
+hmac_compute (hmac_ctx_t *statev, const void *message,
int msg_octets, int tag_len, uint8_t *result)
{
- uint32_t hash_value[5];
- uint32_t H[5];
+ HMAC_CTX *state = (HMAC_CTX *)statev;
+ uint8_t hash_value[SHA1_DIGEST_SIZE];
int i;
+ unsigned int len;
/* check tag length, return error if we can't provide the value expected */
- if (tag_len > HMAC_KEYLEN_MAX) {
+ if (tag_len > SHA1_DIGEST_SIZE) {
return err_status_bad_param;
}
/* hash message, copy output into H */
- sha1_update(&state->ctx, message, msg_octets);
- sha1_final(&state->ctx, H);
-
- /*
- * note that we don't need to debug_print() the input, since the
- * function hmac_update() already did that for us
- */
- debug_print(mod_hmac, "intermediate state: %s",
- octet_string_hex_string((uint8_t*)H, sizeof(H)));
-
- /* re-initialize hash context */
- sha1_init(&state->ctx);
-
- /* hash opad ^ key */
- sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad));
+ if (HMAC_Update(state, message, msg_octets) == 0)
+ return err_status_auth_fail;
- /* hash the result of the inner hash */
- sha1_update(&state->ctx, (uint8_t*)H, sizeof(H));
+ if (HMAC_Final(state, hash_value, &len) == 0)
+ return err_status_auth_fail;
- /* the result is returned in the array hash_value[] */
- sha1_final(&state->ctx, hash_value);
+ if (len < tag_len)
+ return err_status_auth_fail;
/* copy hash_value to *result */
for (i = 0; i < tag_len; i++) {
- result[i] = ((uint8_t*)hash_value)[i];
+ result[i] = hash_value[i];
}
debug_print(mod_hmac, "output: %s",
diff --git a/crypto/include/aes_gcm_ossl.h b/crypto/include/aes_gcm_ossl.h
index 8e7711d..4f49b51 100644
--- a/crypto/include/aes_gcm_ossl.h
+++ b/crypto/include/aes_gcm_ossl.h
@@ -55,7 +55,7 @@ typedef struct {
v256_t key;
int key_size;
int tag_len;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX* ctx;
cipher_direction_t dir;
} aes_gcm_ctx_t;
diff --git a/crypto/include/aes_icm_ossl.h b/crypto/include/aes_icm_ossl.h
index b4ec40a..af23320 100644
--- a/crypto/include/aes_icm_ossl.h
+++ b/crypto/include/aes_icm_ossl.h
@@ -72,7 +72,7 @@ typedef struct {
v128_t offset; /* initial offset value */
v256_t key;
int key_size;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX* ctx;
} aes_icm_ctx_t;
err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir);
diff --git a/crypto/include/sha1.h b/crypto/include/sha1.h
index 2ce53e8..fb5bd95 100644
--- a/crypto/include/sha1.h
+++ b/crypto/include/sha1.h
@@ -56,8 +56,6 @@
#include <openssl/evp.h>
#include <stdint.h>
-typedef EVP_MD_CTX sha1_ctx_t;
-
/*
* sha1_init(&ctx) initializes the SHA1 context ctx
*
@@ -72,23 +70,27 @@ typedef EVP_MD_CTX sha1_ctx_t;
*
*/
+typedef EVP_MD_CTX* sha1_ctx_t;
+
static inline void sha1_init (sha1_ctx_t *ctx)
{
- EVP_MD_CTX_init(ctx);
- EVP_DigestInit(ctx, EVP_sha1());
+ *ctx = EVP_MD_CTX_new();
+ EVP_DigestInit(*ctx, EVP_sha1());
}
static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
{
- EVP_DigestUpdate(ctx, M, octets_in_msg);
+ EVP_DigestUpdate(*ctx, M, octets_in_msg);
}
static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output)
{
unsigned int len = 0;
- EVP_DigestFinal(ctx, (unsigned char*)output, &len);
+ EVP_DigestFinal(*ctx, (unsigned char*)output, &len);
+ EVP_MD_CTX_free(*ctx);
}
+
#else
#include "datatypes.h"
--
2.17.1

18
SOURCES/config.h
View File

@ -1,18 +0,0 @@
/* This file is here to prevent a file conflict on multiarch systems. A
* conflict will frequently occur because arch-specific build-time
* configuration options are stored (and used, so they can't just be stripped
* out) in config.h. The original config.h has been renamed.
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
#ifdef srtp_multilib_redirection_h
#error "Do not define srtp_multilib_redirection_h!"
#endif
#define srtp_multilib_redirection_h
#if defined(__x86_64__) || defined(__PPC64__) || (defined(__sparc__) && defined(__arch64__)) || defined(__s390x__) || defined(__aarch64__)
#include "srtp/config-64.h"
#else
#include "srtp/config-32.h"
#endif
#undef srtp_multilib_redirection_h

36
SOURCES/libsrtp-1.5.4-shared-fix.patch
View File

@ -1,36 +0,0 @@
diff -up libsrtp-1.5.4/Makefile.in.sharedfix libsrtp-1.5.4/Makefile.in
--- libsrtp-1.5.4/Makefile.in.sharedfix 2016-02-02 14:56:49.000000000 -0500
+++ libsrtp-1.5.4/Makefile.in 2016-02-12 09:38:18.228208296 -0500
@@ -84,12 +84,14 @@ pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libsrtp.pc
endif
-SHAREDLIBVERSION = 1
+SHAREDLIBMINIVER = 1
+SHAREDLIBVERSION = $(SHAREDLIBMINIVER).0.0
ifeq (linux,$(findstring linux,@host@))
SHAREDLIB_DIR = $(libdir)
-SHAREDLIB_LDFLAGS = -shared -Wl,-soname,$@
SHAREDLIBSUFFIXNOVER = so
SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBVERSION)
+SHAREDLIBMINISUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBMINIVER)
+SHAREDLIB_LDFLAGS = -shared -Wl,-soname,libsrtp.$(SHAREDLIBMINISUFFIX)
else ifeq (mingw,$(findstring mingw,@host@))
SHAREDLIB_DIR = $(bindir)
SHAREDLIB_LDFLAGS = -shared -Wl,--out-implib,libsrtp.dll.a
@@ -148,6 +150,7 @@ libsrtp.$(SHAREDLIBSUFFIX): $(srtpobj) $
$(CC) -shared -o $@ $(SHAREDLIB_LDFLAGS) \
$^ $(LDFLAGS) $(LIBS)
if [ -n "$(SHAREDLIBVERSION)" ]; then \
+ ln -sfn $@ libsrtp.$(SHAREDLIBMINISUFFIX); \
ln -sfn $@ libsrtp.$(SHAREDLIBSUFFIXNOVER); \
fi
@@ -274,6 +277,7 @@ install:
$(INSTALL) -d $(DESTDIR)$(SHAREDLIB_DIR); \
cp libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/; \
ln -sfn libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp.$(SHAREDLIBSUFFIXNOVER); \
+ ln -sfn libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp.$(SHAREDLIBMINISUFFIX); \
fi
if [ "$(pkgconfig_DATA)" != "" ]; then \
$(INSTALL) -d $(DESTDIR)$(pkgconfigdir); \

24
SOURCES/libsrtp-2.3.0-nss-3.63-fix.patch Normal file
View File

@ -0,0 +1,24 @@
diff -up libsrtp-2.3.0/crypto/include/aes_gcm.h.nssfix libsrtp-2.3.0/crypto/include/aes_gcm.h
--- libsrtp-2.3.0/crypto/include/aes_gcm.h.nssfix 2021-04-15 13:47:08.667150587 -0400
+++ libsrtp-2.3.0/crypto/include/aes_gcm.h 2021-04-15 13:47:26.991294515 -0400
@@ -66,6 +66,8 @@ typedef struct {
#ifdef NSS
+#define NSS_PKCS11_2_0_COMPAT 1
+
#include <nss.h>
#include <pk11pub.h>
diff -up libsrtp-2.3.0/crypto/include/aes_icm_ext.h.nssfix libsrtp-2.3.0/crypto/include/aes_icm_ext.h
--- libsrtp-2.3.0/crypto/include/aes_icm_ext.h.nssfix 2021-04-15 13:47:36.617370124 -0400
+++ libsrtp-2.3.0/crypto/include/aes_icm_ext.h 2021-04-15 13:59:50.074073286 -0400
@@ -65,6 +65,8 @@ typedef struct {
#ifdef NSS
+#define NSS_PKCS11_2_0_COMPAT 1
+
#include <nss.h>
#include <pk11pub.h>

36
SOURCES/libsrtp-2.3.0-shared-fix.patch Normal file
View File

@ -0,0 +1,36 @@
diff -up libsrtp-2.3.0/Makefile.in.sharedfix libsrtp-2.3.0/Makefile.in
--- libsrtp-2.3.0/Makefile.in.sharedfix 2020-01-07 09:48:36.004217062 -0500
+++ libsrtp-2.3.0/Makefile.in 2020-01-07 09:53:08.117725096 -0500
@@ -106,12 +106,14 @@ bindir = @bindir@
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libsrtp2.pc
-SHAREDLIBVERSION = 1
+SHAREDLIBMINIVER = 1
+SHAREDLIBVERSION = $(SHAREDLIBMINIVER).0.0
ifneq (,$(or $(findstring linux,@host@), $(findstring gnu,@host@)))
SHAREDLIB_DIR = $(libdir)
-SHAREDLIB_LDFLAGS = -shared -Wl,-soname,$@
SHAREDLIBSUFFIXNOVER = so
+SHAREDLIBMINISUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBMINIVER)
SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBVERSION)
+SHAREDLIB_LDFLAGS = -shared -Wl,-soname,libsrtp2.$(SHAREDLIBMINISUFFIX)
else ifneq (,$(or $(findstring cygwin,@host@), $(findstring mingw,@host@)))
SHAREDLIB_DIR = $(bindir)
SHAREDLIB_LDFLAGS = -shared -Wl,--out-implib,libsrtp2.dll.a
@@ -166,6 +168,7 @@ libsrtp2.$(SHAREDLIBSUFFIX): $(srtpobj)
$(CC) -shared -o $@ $(SHAREDLIB_LDFLAGS) \
$^ $(LDFLAGS) $(LIBS)
if [ -n "$(SHAREDLIBVERSION)" ]; then \
+ ln -sfn $@ libsrtp2.$(SHAREDLIBMINISUFFIX); \
ln -sfn $@ libsrtp2.$(SHAREDLIBSUFFIXNOVER); \
fi
@@ -288,6 +291,7 @@ install:
cp libsrtp2.$(SHAREDLIBSUFFIXNOVER) $(DESTDIR)$(SHAREDLIB_DIR)/; \
if [ -n "$(SHAREDLIBVERSION)" ]; then \
ln -sfn libsrtp2.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp2.$(SHAREDLIBSUFFIXNOVER); \
+ ln -sfn libsrtp2.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp2.$(SHAREDLIBMINISUFFIX); \
fi; \
fi
$(INSTALL) -d $(DESTDIR)$(pkgconfigdir)

13
SOURCES/libsrtp-2.3.0-shared-test-fix.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up libsrtp-2.3.0/Makefile.in.test-shared libsrtp-2.3.0/Makefile.in
--- libsrtp-2.3.0/Makefile.in.test-shared 2020-10-12 16:00:39.065842309 -0400
+++ libsrtp-2.3.0/Makefile.in 2020-10-12 16:01:11.244097667 -0400
@@ -196,7 +196,7 @@ ifeq (1, $(HAVE_PCAP))
testapp += test/rtp_decoder$(EXE)
endif
-$(testapp): libsrtp2.a
+$(testapp): libsrtp2.$(SHAREDLIBSUFFIX)
test/rtpw$(EXE): test/rtpw.c test/rtp.c test/util.c test/getopt_s.c \
crypto/math/datatypes.c
diff -up libsrtp-2.3.0/Makefile.test-shared libsrtp-2.3.0/Makefile

12
SOURCES/libsrtp-2.3.0-test-util.patch Normal file
View File

@ -0,0 +1,12 @@
diff -r -u libsrtp-2.3.0.orig/test/util.c libsrtp-2.3.0/test/util.c
--- libsrtp-2.3.0.orig/test/util.c 2019-12-23 10:58:25.000000000 +0100
+++ libsrtp-2.3.0/test/util.c 2020-10-09 11:56:31.455502870 +0200
@@ -49,7 +49,7 @@
#include <stdint.h>
/* include space for null terminator */
-char bit_string[MAX_PRINT_STRING_LEN + 1];
+static char bit_string[MAX_PRINT_STRING_LEN + 1];
static inline int hex_char_to_nibble(uint8_t c)
{

55
SOURCES/libsrtp-fix-name-collision-on-MIPS.patch
View File

@ -1,55 +0,0 @@
diff -urp libsrtp-1.5.0/test/srtp_driver.c l/test/srtp_driver.c
--- libsrtp-1.5.0/test/srtp_driver.c 2014-10-13 16:35:33.000000000 +0200
+++ libsrtp-1.5.4/test/srtp_driver.c 2015-09-18 06:41:50.740727805 +0200
@@ -341,7 +341,7 @@ main (int argc, char *argv[]) {
if (do_codec_timing) {
srtp_policy_t policy;
int ignore;
- double mips = mips_estimate(1000000000, &ignore);
+ double mips_est = mips_estimate(1000000000, &ignore);
crypto_policy_set_rtp_default(&policy.rtp);
crypto_policy_set_rtcp_default(&policy.rtcp);
@@ -353,33 +353,33 @@ main (int argc, char *argv[]) {
policy.allow_repeat_tx = 0;
policy.next = NULL;
- printf("mips estimate: %e\n", mips);
+ printf("mips estimate: %e\n", mips_est);
printf("testing srtp processing time for voice codecs:\n");
printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
printf("G.711\t\t%d\t\t\t%e\n", 80,
- (double) mips * (80 * 8) /
+ (double) mips_est * (80 * 8) /
srtp_bits_per_second(80, &policy) / .01 );
printf("G.711\t\t%d\t\t\t%e\n", 160,
- (double) mips * (160 * 8) /
+ (double) mips_est * (160 * 8) /
srtp_bits_per_second(160, &policy) / .02);
printf("G.726-32\t%d\t\t\t%e\n", 40,
- (double) mips * (40 * 8) /
+ (double) mips_est * (40 * 8) /
srtp_bits_per_second(40, &policy) / .01 );
printf("G.726-32\t%d\t\t\t%e\n", 80,
- (double) mips * (80 * 8) /
+ (double) mips_est * (80 * 8) /
srtp_bits_per_second(80, &policy) / .02);
printf("G.729\t\t%d\t\t\t%e\n", 10,
- (double) mips * (10 * 8) /
+ (double) mips_est * (10 * 8) /
srtp_bits_per_second(10, &policy) / .01 );
printf("G.729\t\t%d\t\t\t%e\n", 20,
- (double) mips * (20 * 8) /
+ (double) mips_est * (20 * 8) /
srtp_bits_per_second(20, &policy) / .02 );
printf("Wideband\t%d\t\t\t%e\n", 320,
- (double) mips * (320 * 8) /
+ (double) mips_est * (320 * 8) /
srtp_bits_per_second(320, &policy) / .01 );
printf("Wideband\t%d\t\t\t%e\n", 640,
- (double) mips * (640 * 8) /
+ (double) mips_est * (640 * 8) /
srtp_bits_per_second(640, &policy) / .02 );
}

174
SOURCES/libsrtp-sha1-name-fix.patch
View File

@ -1,174 +0,0 @@
diff -rup libsrtp-1.5.0/crypto/hash/hmac.c libsrtp-1.5.0/crypto/hash/hmac.c
--- libsrtp-1.5.0/crypto/hash/hmac.c 2014-10-13 10:35:33.000000000 -0400
+++ libsrtp-1.5.0/crypto/hash/hmac.c 2014-10-31 09:15:20.666474444 -0400
@@ -141,10 +141,10 @@ hmac_init(hmac_ctx_t *state, const uint8
debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64));
/* initialize sha1 context */
- sha1_init(&state->init_ctx);
+ crypto_sha1_init(&state->init_ctx);
/* hash ipad ^ key */
- sha1_update(&state->init_ctx, ipad, 64);
+ crypto_sha1_update(&state->init_ctx, ipad, 64);
memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t));
return err_status_ok;
@@ -165,7 +165,7 @@ hmac_update(hmac_ctx_t *state, const uin
octet_string_hex_string(message, msg_octets));
/* hash message into sha1 context */
- sha1_update(&state->ctx, message, msg_octets);
+ crypto_sha1_update(&state->ctx, message, msg_octets);
return err_status_ok;
}
@@ -183,7 +183,7 @@ hmac_compute(hmac_ctx_t *state, const vo
/* hash message, copy output into H */
hmac_update(state, (const uint8_t*)message, msg_octets);
- sha1_final(&state->ctx, H);
+ crypto_sha1_final(&state->ctx, H);
/*
* note that we don't need to debug_print() the input, since the
@@ -193,16 +193,16 @@ hmac_compute(hmac_ctx_t *state, const vo
octet_string_hex_string((uint8_t *)H, 20));
/* re-initialize hash context */
- sha1_init(&state->ctx);
+ crypto_sha1_init(&state->ctx);
/* hash opad ^ key */
- sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
+ crypto_sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
/* hash the result of the inner hash */
- sha1_update(&state->ctx, (uint8_t *)H, 20);
+ crypto_sha1_update(&state->ctx, (uint8_t *)H, 20);
/* the result is returned in the array hash_value[] */
- sha1_final(&state->ctx, hash_value);
+ crypto_sha1_final(&state->ctx, hash_value);
/* copy hash_value to *result */
for (i=0; i < tag_len; i++)
diff -rup libsrtp-1.5.0/crypto/hash/sha1.c libsrtp-1.5.0/crypto/hash/sha1.c
--- libsrtp-1.5.0/crypto/hash/sha1.c 2014-10-13 10:35:33.000000000 -0400
+++ libsrtp-1.5.0/crypto/hash/sha1.c 2014-10-31 09:15:20.667474449 -0400
@@ -77,12 +77,12 @@ uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt fo
uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */
void
-sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
+crypto_sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
sha1_ctx_t ctx;
- sha1_init(&ctx);
- sha1_update(&ctx, msg, octets_in_msg);
- sha1_final(&ctx, hash_value);
+ crypto_sha1_init(&ctx);
+ crypto_sha1_update(&ctx, msg, octets_in_msg);
+ crypto_sha1_final(&ctx, hash_value);
}
@@ -99,7 +99,7 @@ sha1(const uint8_t *msg, int octets_in_
*/
void
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
+crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
uint32_t H0;
uint32_t H1;
uint32_t H2;
@@ -186,7 +186,7 @@ sha1_core(const uint32_t M[16], uint32_t
}
void
-sha1_init(sha1_ctx_t *ctx) {
+crypto_sha1_init(sha1_ctx_t *ctx) {
/* initialize state vector */
ctx->H[0] = 0x67452301;
@@ -204,7 +204,7 @@ sha1_init(sha1_ctx_t *ctx) {
}
void
-sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
+crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
int i;
uint8_t *buf = (uint8_t *)ctx->M;
@@ -229,7 +229,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8
debug_print(mod_sha1, "(update) running sha1_core()", NULL);
- sha1_core(ctx->M, ctx->H);
+ crypto_sha1_core(ctx->M, ctx->H);
} else {
@@ -252,7 +252,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8
*/
void
-sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
+crypto_sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
uint32_t A, B, C, D, E, TEMP;
uint32_t W[80];
int i, t;
diff -rup libsrtp-1.5.0/crypto/include/sha1.h libsrtp-1.5.0/crypto/include/sha1.h
--- libsrtp-1.5.0/crypto/include/sha1.h 2014-10-13 10:35:33.000000000 -0400
+++ libsrtp-1.5.0/crypto/include/sha1.h 2014-10-31 09:16:10.367733196 -0400
@@ -103,7 +103,7 @@ typedef struct {
*/
void
-sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]);
+crypto_sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]);
/*
* sha1_init(&ctx) initializes the SHA1 context ctx
@@ -117,13 +117,13 @@ sha1(const uint8_t *message, int octets
*/
void
-sha1_init(sha1_ctx_t *ctx);
+crypto_sha1_init(sha1_ctx_t *ctx);
void
-sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
+crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
void
-sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
+crypto_sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
/*
* The sha1_core function is INTERNAL to SHA-1, but it is declared
@@ -141,7 +141,7 @@ sha1_final(sha1_ctx_t *ctx, uint32_t out
*/
void
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
+crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
#endif /* else OPENSSL */
diff -rup libsrtp-1.5.0/crypto/test/sha1_driver.c libsrtp-1.5.0/crypto/test/sha1_driver.c
--- libsrtp-1.5.0/crypto/test/sha1_driver.c 2014-10-13 10:35:33.000000000 -0400
+++ libsrtp-1.5.0/crypto/test/sha1_driver.c 2014-10-31 09:15:20.668474454 -0400
@@ -113,9 +113,9 @@ sha1_test_case_validate(const hash_test_
if (test_case->data_len > MAX_HASH_DATA_LEN)
return err_status_bad_param;
- sha1_init(&ctx);
- sha1_update(&ctx, test_case->data, test_case->data_len);
- sha1_final(&ctx, hash_value);
+ crypto_sha1_init(&ctx);
+ crypto_sha1_update(&ctx, test_case->data, test_case->data_len);
+ crypto_sha1_final(&ctx, hash_value);
if (0 == memcmp(test_case->hash, hash_value, 20)) {
#if VERBOSE
printf("PASSED: reference value: %s\n",

129
SOURCES/libsrtp-srtp_aes_encrypt.patch
View File

@ -1,129 +0,0 @@
diff -rup a/crypto/cipher/aes.c b/crypto/cipher/aes.c
--- a/crypto/cipher/aes.c 2014-10-13 10:35:33.000000000 -0400
+++ b/crypto/cipher/aes.c 2014-10-31 09:25:20.603597823 -0400
@@ -2002,7 +2002,7 @@ aes_inv_final_round(v128_t *state, const
void
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
+srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
/* add in the subkey */
v128_xor_eq(plaintext, &exp_key->round[0]);
diff -rup a/crypto/cipher/aes_cbc.c b/crypto/cipher/aes_cbc.c
--- a/crypto/cipher/aes_cbc.c 2014-10-13 10:35:33.000000000 -0400
+++ b/crypto/cipher/aes_cbc.c 2014-10-31 09:25:20.604597828 -0400
@@ -192,7 +192,7 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c,
debug_print(mod_aes_cbc, "inblock: %s",
v128_hex_string(&c->state));
- aes_encrypt(&c->state, &c->expanded_key);
+ srtp_aes_encrypt(&c->state, &c->expanded_key);
debug_print(mod_aes_cbc, "outblock: %s",
v128_hex_string(&c->state));
diff -rup a/crypto/cipher/aes_icm.c b/crypto/cipher/aes_icm.c
--- a/crypto/cipher/aes_icm.c 2014-10-13 10:35:33.000000000 -0400
+++ b/crypto/cipher/aes_icm.c 2014-10-31 09:25:20.604597828 -0400
@@ -260,7 +260,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
/* fill keystream buffer, if needed */
if (tail_num) {
v128_copy(&c->keystream_buffer, &c->counter);
- aes_encrypt(&c->keystream_buffer, &c->expanded_key);
+ srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
c->bytes_in_buffer = sizeof(v128_t);
debug_print(mod_aes_icm, "counter: %s",
@@ -316,7 +316,7 @@ static inline void
aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
/* fill buffer with new keystream */
v128_copy(&c->keystream_buffer, &c->counter);
- aes_encrypt(&c->keystream_buffer, &c->expanded_key);
+ srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
c->bytes_in_buffer = sizeof(v128_t);
debug_print(mod_aes_icm, "counter: %s",
diff -rup a/crypto/include/aes.h b/crypto/include/aes.h
--- a/crypto/include/aes.h 2014-10-13 10:35:33.000000000 -0400
+++ b/crypto/include/aes.h 2014-10-31 09:25:20.604597828 -0400
@@ -68,7 +68,7 @@ aes_expand_decryption_key(const uint8_t
aes_expanded_key_t *expanded_key);
void
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
+srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
void
aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
diff -rup a/crypto/rng/prng.c b/crypto/rng/prng.c
--- a/crypto/rng/prng.c 2014-10-13 10:35:33.000000000 -0400
+++ b/crypto/rng/prng.c 2014-10-31 09:25:20.605597833 -0400
@@ -112,7 +112,7 @@ x917_prng_get_octet_string(uint8_t *dest
v128_copy(&buffer, &x917_prng.state);
/* apply aes to buffer */
- aes_encrypt(&buffer, &x917_prng.key);
+ srtp_aes_encrypt(&buffer, &x917_prng.key);
/* write data to output */
*dest++ = buffer.v8[0];
@@ -136,7 +136,7 @@ x917_prng_get_octet_string(uint8_t *dest
buffer.v32[0] ^= t;
/* encrypt buffer */
- aes_encrypt(&buffer, &x917_prng.key);
+ srtp_aes_encrypt(&buffer, &x917_prng.key);
/* copy buffer into state */
v128_copy(&x917_prng.state, &buffer);
@@ -154,7 +154,7 @@ x917_prng_get_octet_string(uint8_t *dest
v128_copy(&buffer, &x917_prng.state);
/* apply aes to buffer */
- aes_encrypt(&buffer, &x917_prng.key);
+ srtp_aes_encrypt(&buffer, &x917_prng.key);
/* write data to output */
for (i=0; i < tail_len; i++) {
@@ -167,7 +167,7 @@ x917_prng_get_octet_string(uint8_t *dest
buffer.v32[0] ^= t;
/* encrypt buffer */
- aes_encrypt(&buffer, &x917_prng.key);
+ srtp_aes_encrypt(&buffer, &x917_prng.key);
/* copy buffer into state */
v128_copy(&x917_prng.state, &buffer);
diff -rup a/crypto/test/aes_calc.c b/crypto/test/aes_calc.c
--- a/crypto/test/aes_calc.c 2014-10-13 10:35:33.000000000 -0400
+++ b/crypto/test/aes_calc.c 2014-10-31 09:25:20.605597833 -0400
@@ -109,7 +109,7 @@ main (int argc, char *argv[]) {
exit(1);
}
- aes_encrypt(&data, &exp_key);
+ srtp_aes_encrypt(&data, &exp_key);
/* write ciphertext to output */
if (verbose) {
diff -rup a/tables/aes_tables.c b/tables/aes_tables.c
--- a/tables/aes_tables.c 2014-10-13 10:35:33.000000000 -0400
+++ b/tables/aes_tables.c 2014-10-31 09:25:20.605597833 -0400
@@ -298,7 +298,7 @@ main(void) {
#if AES_INVERSE_TEST
/*
- * test that aes_encrypt and aes_decrypt are actually
+ * test that srtp_aes_encrypt and aes_decrypt are actually
* inverses of each other
*/
@@ -335,7 +335,7 @@ aes_test_inverse(void) {
v128_copy_octet_string(&x, plaintext);
aes_expand_encryption_key(k, expanded_key);
aes_expand_decryption_key(k, decrypt_key);
- aes_encrypt(&x, expanded_key);
+ srtp_aes_encrypt(&x, expanded_key);
aes_decrypt(&x, decrypt_key);
/* compare to expected value then report */

106
SPECS/libsrtp.spec
View File

@ -1,23 +1,23 @@
%global shortname srtp
Name: libsrtp
Version: 1.5.4
Version: 2.3.0
Release: 8%{?dist}
Summary: An implementation of the Secure Real-time Transport Protocol (SRTP)
Group: System Environment/Libraries
License: BSD
URL: https://github.com/cisco/libsrtp
Source0: https://github.com/cisco/libsrtp/archive/v%{version}.tar.gz
# Universal config.h
Source2: config.h
BuildRequires: gcc, nss-devel, libpcap-devel
BuildRequires: make
# Fix shared lib so ldconfig doesn't complain
Patch0: libsrtp-1.5.4-shared-fix.patch
Patch1: libsrtp-srtp_aes_encrypt.patch
Patch2: libsrtp-sha1-name-fix.patch
Patch3: libsrtp-fix-name-collision-on-MIPS.patch
Patch4: 0001-Changes-for-OpenSSL-1.1.0-compatibility.patch
BuildRequires: openssl-devel >= 1.1.0
Patch0: libsrtp-2.3.0-shared-fix.patch
# Fix namespace issue in test/util.c
Patch1: libsrtp-2.3.0-test-util.patch
# Link test binaries against shared lib
Patch2: libsrtp-2.3.0-shared-test-fix.patch
# Fix issue with NSS 3.63 incompatibility
# credit to George Joseph
Patch3: libsrtp-2.3.0-nss-3.63-fix.patch
%description
This package provides an implementation of the Secure Real-time
@ -26,7 +26,6 @@ a supporting cryptographic kernel.
%package devel
Summary: Development files for %{name}
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig
@ -34,13 +33,19 @@ Requires: pkgconfig
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%package tools
Summary: Tools for testing and decoding SRTP
Requires: %{name}%{?_isa} = %{version}-%{release}
%description tools
Tools for testing and decoding SRTP
%prep
%setup -q -n %{name}-%{version}
%patch0 -p1 -b .sharedfix
%patch1 -p1 -b .srtp_aes_encrypt
%patch2 -p1 -b .sha1-name-fix
%patch3 -p1 -b .mips-name-fix
%patch4 -p1 -b .4
%patch1 -p1 -b .utilfix
%patch2 -p1 -b .test-shared-fix
%patch3 -p1 -b .nssfix
%if 0%{?rhel} > 0
%ifarch ppc64
@ -50,35 +55,76 @@ sed -i 's/-z noexecstack//' Makefile.in
%build
export CFLAGS="%{optflags} -fPIC"
%configure --enable-openssl
make %{?_smp_mflags} shared_library
%configure --enable-nss
make %{?_smp_mflags} shared_library test
%install
make install DESTDIR=%{buildroot}
find %{buildroot} -name '*.la' -exec rm -f {} ';'
find %{buildroot} -name '*.a' -exec rm -f {} ';'
# Handle multilib issues with config.h
mv %{buildroot}%{_includedir}/%{shortname}/config.h %{buildroot}%{_includedir}/%{shortname}/config-%{__isa_bits}.h
cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h
install -D -p -m 0755 test/dtls_srtp_driver %{buildroot}%{_bindir}/dtls_srtp_driver
install -D -p -m 0755 test/rdbx_driver %{buildroot}%{_bindir}/rdbx_driver
install -D -p -m 0755 test/replay_driver %{buildroot}%{_bindir}/replay_driver
install -D -p -m 0755 test/roc_driver %{buildroot}%{_bindir}/roc_driver
install -D -p -m 0755 test/rtp_decoder %{buildroot}%{_bindir}/rtp_decoder
install -D -p -m 0755 test/rtpw %{buildroot}%{_bindir}/rtpw
install -D -p -m 0755 test/srtp_driver %{buildroot}%{_bindir}/srtp_driver
install -D -p -m 0755 test/test_srtp %{buildroot}%{_bindir}/test_srtp
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%ldconfig_scriptlets
%files
%license LICENSE
%doc CHANGES README TODO VERSION doc/*.txt doc/*.pdf
%doc CHANGES README.md
%{_libdir}/*.so.*
%files devel
%{_includedir}/%{shortname}/
%{_libdir}/pkgconfig/libsrtp.pc
%{_includedir}/%{shortname}2/
%{_libdir}/pkgconfig/libsrtp2.pc
%{_libdir}/*.so
%files tools
%{_bindir}/*
%changelog
* Mon Sep 03 2018 Wim Taymans <wtaymans@redhat.com> - 1.5.4-8
- Port to openssl 1.1.0
- Build against openssl
- Resolves: rhbz#1618747
* Thu Jul 06 2023 Wim Taymans <wtaymans@redhat.com> - 2.3.0-8
- fix NSS incompatibility, thanks to George Joseph
Resolves: rhbz#2211526
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.0-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.0-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Oct 12 2020 Tom Callaway <spot@fedoraproject.org> - 2.3.0-4
- add -tools subpackage (thanks to Gerd v. Egidy)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Jan 7 2020 Tom Callaway <spot@fedoraproject.org> - 2.3.0-1
- update to 2.3.0
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jul 23 2018 Tom Callaway <spot@fedoraproject.org> - 1.5.4-9
- add BuildRequires: gcc
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild