Compare commits
No commits in common. "c8s" and "imports/c9/libsrtp-2.3.0-7.el9" have entirely different histories.
c8s
...
imports/c9
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,3 +1 @@
|
|||||||
/srtp-1.4.4-20101004cvs.tar.bz2
|
SOURCES/v2.3.0.tar.gz
|
||||||
/v1.5.0.tar.gz
|
|
||||||
/v1.5.4.tar.gz
|
|
||||||
|
1
.libsrtp.metadata
Normal file
1
.libsrtp.metadata
Normal file
@ -0,0 +1 @@
|
|||||||
|
263a45a82cb1acb1a6c7beef64def31949496a02 SOURCES/v2.3.0.tar.gz
|
@ -1,502 +0,0 @@
|
|||||||
From b1858f6b5fa33b9ef9eeea1f6152185d54bba323 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Wim Taymans <wtaymans@redhat.com>
|
|
||||||
Date: Mon, 3 Sep 2018 13:19:44 +0200
|
|
||||||
Subject: [PATCH] Changes for OpenSSL 1.1.0 compatibility
|
|
||||||
|
|
||||||
---
|
|
||||||
crypto/cipher/aes_gcm_ossl.c | 36 +++++----
|
|
||||||
crypto/cipher/aes_icm_ossl.c | 18 +++--
|
|
||||||
crypto/hash/hmac_ossl.c | 135 ++++++++++++----------------------
|
|
||||||
crypto/include/aes_gcm_ossl.h | 2 +-
|
|
||||||
crypto/include/aes_icm_ossl.h | 2 +-
|
|
||||||
crypto/include/sha1.h | 14 ++--
|
|
||||||
6 files changed, 89 insertions(+), 118 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/cipher/aes_gcm_ossl.c b/crypto/cipher/aes_gcm_ossl.c
|
|
||||||
index dce2a33..943dbd5 100644
|
|
||||||
--- a/crypto/cipher/aes_gcm_ossl.c
|
|
||||||
+++ b/crypto/cipher/aes_gcm_ossl.c
|
|
||||||
@@ -116,6 +116,13 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
|
|
||||||
(*c)->state = allptr + sizeof(cipher_t);
|
|
||||||
gcm = (aes_gcm_ctx_t *)(*c)->state;
|
|
||||||
|
|
||||||
+ gcm->ctx = EVP_CIPHER_CTX_new();
|
|
||||||
+ if (gcm->ctx == NULL) {
|
|
||||||
+ crypto_free(*c);
|
|
||||||
+ *c = NULL;
|
|
||||||
+ return (err_status_alloc_fail);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* increment ref_count */
|
|
||||||
switch (key_len) {
|
|
||||||
case AES_128_GCM_KEYSIZE_WSALT:
|
|
||||||
@@ -136,7 +143,6 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
|
|
||||||
|
|
||||||
/* set key size */
|
|
||||||
(*c)->key_len = key_len;
|
|
||||||
- EVP_CIPHER_CTX_init(&gcm->ctx);
|
|
||||||
|
|
||||||
return (err_status_ok);
|
|
||||||
}
|
|
||||||
@@ -151,7 +157,7 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
|
|
||||||
|
|
||||||
ctx = (aes_gcm_ctx_t*)c->state;
|
|
||||||
if (ctx) {
|
|
||||||
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
|
|
||||||
+ EVP_CIPHER_CTX_free(ctx->ctx);
|
|
||||||
/* decrement ref_count for the appropriate engine */
|
|
||||||
switch (ctx->key_size) {
|
|
||||||
case AES_256_KEYSIZE:
|
|
||||||
@@ -197,7 +203,7 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
|
|
||||||
|
|
||||||
debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key));
|
|
||||||
|
|
||||||
- EVP_CIPHER_CTX_cleanup(&c->ctx);
|
|
||||||
+ EVP_CIPHER_CTX_cleanup(c->ctx);
|
|
||||||
|
|
||||||
return (err_status_ok);
|
|
||||||
}
|
|
||||||
@@ -231,19 +237,19 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
|
|
||||||
+ if (!EVP_CipherInit_ex(c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
|
|
||||||
NULL, (c->dir == direction_encrypt ? 1 : 0))) {
|
|
||||||
return (err_status_init_fail);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* set IV len and the IV value, the followiong 3 calls are required */
|
|
||||||
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
|
|
||||||
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
|
|
||||||
return (err_status_init_fail);
|
|
||||||
}
|
|
||||||
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
|
|
||||||
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
|
|
||||||
return (err_status_init_fail);
|
|
||||||
}
|
|
||||||
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
|
|
||||||
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
|
|
||||||
return (err_status_init_fail);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -267,9 +273,9 @@ err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad,
|
|
||||||
* Set dummy tag, OpenSSL requires the Tag to be set before
|
|
||||||
* processing AAD
|
|
||||||
*/
|
|
||||||
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
|
|
||||||
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
|
|
||||||
|
|
||||||
- rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len);
|
|
||||||
+ rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);
|
|
||||||
if (rv != aad_len) {
|
|
||||||
return (err_status_algo_fail);
|
|
||||||
} else {
|
|
||||||
@@ -295,7 +301,7 @@ err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf,
|
|
||||||
/*
|
|
||||||
* Encrypt the data
|
|
||||||
*/
|
|
||||||
- EVP_Cipher(&c->ctx, buf, buf, *enc_len);
|
|
||||||
+ EVP_Cipher(c->ctx, buf, buf, *enc_len);
|
|
||||||
|
|
||||||
return (err_status_ok);
|
|
||||||
}
|
|
||||||
@@ -317,12 +323,12 @@ err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf,
|
|
||||||
/*
|
|
||||||
* Calculate the tag
|
|
||||||
*/
|
|
||||||
- EVP_Cipher(&c->ctx, NULL, NULL, 0);
|
|
||||||
+ EVP_Cipher(c->ctx, NULL, NULL, 0);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Retreive the tag
|
|
||||||
*/
|
|
||||||
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
|
|
||||||
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Increase encryption length by desired tag size
|
|
||||||
@@ -351,14 +357,14 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf,
|
|
||||||
/*
|
|
||||||
* Set the tag before decrypting
|
|
||||||
*/
|
|
||||||
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
|
|
||||||
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
|
|
||||||
buf + (*enc_len - c->tag_len));
|
|
||||||
- EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len);
|
|
||||||
+ EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Check the tag
|
|
||||||
*/
|
|
||||||
- if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) {
|
|
||||||
+ if (EVP_Cipher(c->ctx, NULL, NULL, 0)) {
|
|
||||||
return (err_status_auth_fail);
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/crypto/cipher/aes_icm_ossl.c b/crypto/cipher/aes_icm_ossl.c
|
|
||||||
index eb58539..1ddd39e 100644
|
|
||||||
--- a/crypto/cipher/aes_icm_ossl.c
|
|
||||||
+++ b/crypto/cipher/aes_icm_ossl.c
|
|
||||||
@@ -143,6 +143,13 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
|
|
||||||
(*c)->state = allptr + sizeof(cipher_t);
|
|
||||||
icm = (aes_icm_ctx_t*)(*c)->state;
|
|
||||||
|
|
||||||
+ icm->ctx = EVP_CIPHER_CTX_new();
|
|
||||||
+ if (icm->ctx == NULL) {
|
|
||||||
+ crypto_free(*c);
|
|
||||||
+ *c = NULL;
|
|
||||||
+ return err_status_alloc_fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* increment ref_count */
|
|
||||||
switch (key_len) {
|
|
||||||
case AES_128_KEYSIZE_WSALT:
|
|
||||||
@@ -169,7 +176,6 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
|
|
||||||
|
|
||||||
/* set key size */
|
|
||||||
(*c)->key_len = key_len;
|
|
||||||
- EVP_CIPHER_CTX_init(&icm->ctx);
|
|
||||||
|
|
||||||
return err_status_ok;
|
|
||||||
}
|
|
||||||
@@ -191,7 +197,7 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c)
|
|
||||||
*/
|
|
||||||
ctx = (aes_icm_ctx_t*)c->state;
|
|
||||||
if (ctx != NULL) {
|
|
||||||
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
|
|
||||||
+ EVP_CIPHER_CTX_free(ctx->ctx);
|
|
||||||
/* decrement ref_count for the appropriate engine */
|
|
||||||
switch (ctx->key_size) {
|
|
||||||
case AES_256_KEYSIZE:
|
|
||||||
@@ -271,7 +277,7 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key,
|
|
||||||
debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key));
|
|
||||||
debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
|
|
||||||
|
|
||||||
- EVP_CIPHER_CTX_cleanup(&c->ctx);
|
|
||||||
+ EVP_CIPHER_CTX_cleanup(c->ctx);
|
|
||||||
|
|
||||||
return err_status_ok;
|
|
||||||
}
|
|
||||||
@@ -312,7 +318,7 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (!EVP_EncryptInit_ex(&c->ctx, evp,
|
|
||||||
+ if (!EVP_EncryptInit_ex(c->ctx, evp,
|
|
||||||
NULL, c->key.v8, c->counter.v8)) {
|
|
||||||
return err_status_fail;
|
|
||||||
} else {
|
|
||||||
@@ -334,12 +340,12 @@ err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsi
|
|
||||||
|
|
||||||
debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
|
|
||||||
|
|
||||||
- if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) {
|
|
||||||
+ if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) {
|
|
||||||
return err_status_cipher_fail;
|
|
||||||
}
|
|
||||||
*enc_len = len;
|
|
||||||
|
|
||||||
- if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) {
|
|
||||||
+ if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) {
|
|
||||||
return err_status_cipher_fail;
|
|
||||||
}
|
|
||||||
*enc_len += len;
|
|
||||||
diff --git a/crypto/hash/hmac_ossl.c b/crypto/hash/hmac_ossl.c
|
|
||||||
index f62ce57..3f6f97d 100644
|
|
||||||
--- a/crypto/hash/hmac_ossl.c
|
|
||||||
+++ b/crypto/hash/hmac_ossl.c
|
|
||||||
@@ -49,8 +49,10 @@
|
|
||||||
#include "hmac.h"
|
|
||||||
#include "alloc.h"
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
+#include <openssl/hmac.h>
|
|
||||||
|
|
||||||
-#define HMAC_KEYLEN_MAX 20
|
|
||||||
+#define HMAC_KEYLEN_MAX 20
|
|
||||||
+#define SHA1_DIGEST_SIZE 20
|
|
||||||
|
|
||||||
/* the debug module for authentiation */
|
|
||||||
|
|
||||||
@@ -64,8 +66,6 @@ err_status_t
|
|
||||||
hmac_alloc (auth_t **a, int key_len, int out_len)
|
|
||||||
{
|
|
||||||
extern auth_type_t hmac;
|
|
||||||
- uint8_t *pointer;
|
|
||||||
- hmac_ctx_t *new_hmac_ctx;
|
|
||||||
|
|
||||||
debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
|
|
||||||
debug_print(mod_hmac, " tag length %d", out_len);
|
|
||||||
@@ -79,25 +79,28 @@ hmac_alloc (auth_t **a, int key_len, int out_len)
|
|
||||||
}
|
|
||||||
|
|
||||||
/* check output length - should be less than 20 bytes */
|
|
||||||
- if (out_len > HMAC_KEYLEN_MAX) {
|
|
||||||
+ if (out_len > SHA1_DIGEST_SIZE) {
|
|
||||||
return err_status_bad_param;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* allocate memory for auth and hmac_ctx_t structures */
|
|
||||||
- pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
|
|
||||||
- if (pointer == NULL) {
|
|
||||||
+ *a = crypto_alloc(sizeof(auth_t));
|
|
||||||
+ if (*a == NULL) {
|
|
||||||
+ return err_status_alloc_fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ (*a)->state = HMAC_CTX_new();
|
|
||||||
+ if ((*a)->state == NULL) {
|
|
||||||
+ crypto_free(*a);
|
|
||||||
+ *a = NULL;
|
|
||||||
return err_status_alloc_fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* set pointers */
|
|
||||||
- *a = (auth_t*)pointer;
|
|
||||||
(*a)->type = &hmac;
|
|
||||||
- (*a)->state = pointer + sizeof(auth_t);
|
|
||||||
(*a)->out_len = out_len;
|
|
||||||
(*a)->key_len = key_len;
|
|
||||||
(*a)->prefix_len = 0;
|
|
||||||
- new_hmac_ctx = (hmac_ctx_t*)((*a)->state);
|
|
||||||
- memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t));
|
|
||||||
|
|
||||||
/* increment global count of all hmac uses */
|
|
||||||
hmac.ref_count++;
|
|
||||||
@@ -109,19 +112,14 @@ err_status_t
|
|
||||||
hmac_dealloc (auth_t *a)
|
|
||||||
{
|
|
||||||
extern auth_type_t hmac;
|
|
||||||
- hmac_ctx_t *hmac_ctx;
|
|
||||||
+ HMAC_CTX *hmac_ctx;
|
|
||||||
|
|
||||||
- hmac_ctx = (hmac_ctx_t*)a->state;
|
|
||||||
- if (hmac_ctx->ctx_initialized) {
|
|
||||||
- EVP_MD_CTX_cleanup(&hmac_ctx->ctx);
|
|
||||||
- }
|
|
||||||
- if (hmac_ctx->init_ctx_initialized) {
|
|
||||||
- EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx);
|
|
||||||
- }
|
|
||||||
+ hmac_ctx = (HMAC_CTX*)a->state;
|
|
||||||
+
|
|
||||||
+ HMAC_CTX_free(hmac_ctx);
|
|
||||||
|
|
||||||
/* zeroize entire state*/
|
|
||||||
- octet_string_set_to_zero((uint8_t*)a,
|
|
||||||
- sizeof(hmac_ctx_t) + sizeof(auth_t));
|
|
||||||
+ octet_string_set_to_zero((uint8_t*)a, sizeof(auth_t));
|
|
||||||
|
|
||||||
/* free memory */
|
|
||||||
crypto_free(a);
|
|
||||||
@@ -133,109 +131,68 @@ hmac_dealloc (auth_t *a)
|
|
||||||
}
|
|
||||||
|
|
||||||
err_status_t
|
|
||||||
-hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len)
|
|
||||||
+hmac_start (hmac_ctx_t *statev)
|
|
||||||
{
|
|
||||||
- int i;
|
|
||||||
- uint8_t ipad[64];
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * check key length - note that we don't support keys larger
|
|
||||||
- * than 20 bytes yet
|
|
||||||
- */
|
|
||||||
- if (key_len > HMAC_KEYLEN_MAX) {
|
|
||||||
- return err_status_bad_param;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * set values of ipad and opad by exoring the key into the
|
|
||||||
- * appropriate constant values
|
|
||||||
- */
|
|
||||||
- for (i = 0; i < key_len; i++) {
|
|
||||||
- ipad[i] = key[i] ^ 0x36;
|
|
||||||
- state->opad[i] = key[i] ^ 0x5c;
|
|
||||||
- }
|
|
||||||
- /* set the rest of ipad, opad to constant values */
|
|
||||||
- for (; i < sizeof(ipad); i++) {
|
|
||||||
- ipad[i] = 0x36;
|
|
||||||
- ((uint8_t*)state->opad)[i] = 0x5c;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad)));
|
|
||||||
+ HMAC_CTX *state = (HMAC_CTX *)statev;
|
|
||||||
|
|
||||||
- /* initialize sha1 context */
|
|
||||||
- sha1_init(&state->init_ctx);
|
|
||||||
- state->init_ctx_initialized = 1;
|
|
||||||
+ if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
|
|
||||||
+ return err_status_auth_fail;
|
|
||||||
|
|
||||||
- /* hash ipad ^ key */
|
|
||||||
- sha1_update(&state->init_ctx, ipad, sizeof(ipad));
|
|
||||||
- return (hmac_start(state));
|
|
||||||
+ return err_status_ok;
|
|
||||||
}
|
|
||||||
|
|
||||||
err_status_t
|
|
||||||
-hmac_start (hmac_ctx_t *state)
|
|
||||||
+hmac_init (hmac_ctx_t *statev, const uint8_t *key, int key_len)
|
|
||||||
{
|
|
||||||
- if (state->ctx_initialized) {
|
|
||||||
- EVP_MD_CTX_cleanup(&state->ctx);
|
|
||||||
- }
|
|
||||||
- if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) {
|
|
||||||
+ HMAC_CTX *state = (HMAC_CTX *)statev;
|
|
||||||
+
|
|
||||||
+ if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
|
|
||||||
return err_status_auth_fail;
|
|
||||||
- } else {
|
|
||||||
- state->ctx_initialized = 1;
|
|
||||||
- return err_status_ok;
|
|
||||||
- }
|
|
||||||
+
|
|
||||||
+ return err_status_ok;
|
|
||||||
}
|
|
||||||
|
|
||||||
err_status_t
|
|
||||||
-hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets)
|
|
||||||
+hmac_update (hmac_ctx_t *statev, const uint8_t *message, int msg_octets)
|
|
||||||
{
|
|
||||||
+ HMAC_CTX *state = (HMAC_CTX *)statev;
|
|
||||||
+
|
|
||||||
debug_print(mod_hmac, "input: %s",
|
|
||||||
octet_string_hex_string(message, msg_octets));
|
|
||||||
|
|
||||||
- /* hash message into sha1 context */
|
|
||||||
- sha1_update(&state->ctx, message, msg_octets);
|
|
||||||
+ if (HMAC_Update(state, message, msg_octets) == 0)
|
|
||||||
+ return err_status_auth_fail;
|
|
||||||
|
|
||||||
return err_status_ok;
|
|
||||||
}
|
|
||||||
|
|
||||||
err_status_t
|
|
||||||
-hmac_compute (hmac_ctx_t *state, const void *message,
|
|
||||||
+hmac_compute (hmac_ctx_t *statev, const void *message,
|
|
||||||
int msg_octets, int tag_len, uint8_t *result)
|
|
||||||
{
|
|
||||||
- uint32_t hash_value[5];
|
|
||||||
- uint32_t H[5];
|
|
||||||
+ HMAC_CTX *state = (HMAC_CTX *)statev;
|
|
||||||
+ uint8_t hash_value[SHA1_DIGEST_SIZE];
|
|
||||||
int i;
|
|
||||||
+ unsigned int len;
|
|
||||||
|
|
||||||
/* check tag length, return error if we can't provide the value expected */
|
|
||||||
- if (tag_len > HMAC_KEYLEN_MAX) {
|
|
||||||
+ if (tag_len > SHA1_DIGEST_SIZE) {
|
|
||||||
return err_status_bad_param;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* hash message, copy output into H */
|
|
||||||
- sha1_update(&state->ctx, message, msg_octets);
|
|
||||||
- sha1_final(&state->ctx, H);
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * note that we don't need to debug_print() the input, since the
|
|
||||||
- * function hmac_update() already did that for us
|
|
||||||
- */
|
|
||||||
- debug_print(mod_hmac, "intermediate state: %s",
|
|
||||||
- octet_string_hex_string((uint8_t*)H, sizeof(H)));
|
|
||||||
-
|
|
||||||
- /* re-initialize hash context */
|
|
||||||
- sha1_init(&state->ctx);
|
|
||||||
-
|
|
||||||
- /* hash opad ^ key */
|
|
||||||
- sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad));
|
|
||||||
+ if (HMAC_Update(state, message, msg_octets) == 0)
|
|
||||||
+ return err_status_auth_fail;
|
|
||||||
|
|
||||||
- /* hash the result of the inner hash */
|
|
||||||
- sha1_update(&state->ctx, (uint8_t*)H, sizeof(H));
|
|
||||||
+ if (HMAC_Final(state, hash_value, &len) == 0)
|
|
||||||
+ return err_status_auth_fail;
|
|
||||||
|
|
||||||
- /* the result is returned in the array hash_value[] */
|
|
||||||
- sha1_final(&state->ctx, hash_value);
|
|
||||||
+ if (len < tag_len)
|
|
||||||
+ return err_status_auth_fail;
|
|
||||||
|
|
||||||
/* copy hash_value to *result */
|
|
||||||
for (i = 0; i < tag_len; i++) {
|
|
||||||
- result[i] = ((uint8_t*)hash_value)[i];
|
|
||||||
+ result[i] = hash_value[i];
|
|
||||||
}
|
|
||||||
|
|
||||||
debug_print(mod_hmac, "output: %s",
|
|
||||||
diff --git a/crypto/include/aes_gcm_ossl.h b/crypto/include/aes_gcm_ossl.h
|
|
||||||
index 8e7711d..4f49b51 100644
|
|
||||||
--- a/crypto/include/aes_gcm_ossl.h
|
|
||||||
+++ b/crypto/include/aes_gcm_ossl.h
|
|
||||||
@@ -55,7 +55,7 @@ typedef struct {
|
|
||||||
v256_t key;
|
|
||||||
int key_size;
|
|
||||||
int tag_len;
|
|
||||||
- EVP_CIPHER_CTX ctx;
|
|
||||||
+ EVP_CIPHER_CTX* ctx;
|
|
||||||
cipher_direction_t dir;
|
|
||||||
} aes_gcm_ctx_t;
|
|
||||||
|
|
||||||
diff --git a/crypto/include/aes_icm_ossl.h b/crypto/include/aes_icm_ossl.h
|
|
||||||
index b4ec40a..af23320 100644
|
|
||||||
--- a/crypto/include/aes_icm_ossl.h
|
|
||||||
+++ b/crypto/include/aes_icm_ossl.h
|
|
||||||
@@ -72,7 +72,7 @@ typedef struct {
|
|
||||||
v128_t offset; /* initial offset value */
|
|
||||||
v256_t key;
|
|
||||||
int key_size;
|
|
||||||
- EVP_CIPHER_CTX ctx;
|
|
||||||
+ EVP_CIPHER_CTX* ctx;
|
|
||||||
} aes_icm_ctx_t;
|
|
||||||
|
|
||||||
err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir);
|
|
||||||
diff --git a/crypto/include/sha1.h b/crypto/include/sha1.h
|
|
||||||
index 2ce53e8..fb5bd95 100644
|
|
||||||
--- a/crypto/include/sha1.h
|
|
||||||
+++ b/crypto/include/sha1.h
|
|
||||||
@@ -56,8 +56,6 @@
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
#include <stdint.h>
|
|
||||||
|
|
||||||
-typedef EVP_MD_CTX sha1_ctx_t;
|
|
||||||
-
|
|
||||||
/*
|
|
||||||
* sha1_init(&ctx) initializes the SHA1 context ctx
|
|
||||||
*
|
|
||||||
@@ -72,23 +70,27 @@ typedef EVP_MD_CTX sha1_ctx_t;
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
+typedef EVP_MD_CTX* sha1_ctx_t;
|
|
||||||
+
|
|
||||||
static inline void sha1_init (sha1_ctx_t *ctx)
|
|
||||||
{
|
|
||||||
- EVP_MD_CTX_init(ctx);
|
|
||||||
- EVP_DigestInit(ctx, EVP_sha1());
|
|
||||||
+ *ctx = EVP_MD_CTX_new();
|
|
||||||
+ EVP_DigestInit(*ctx, EVP_sha1());
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
|
|
||||||
{
|
|
||||||
- EVP_DigestUpdate(ctx, M, octets_in_msg);
|
|
||||||
+ EVP_DigestUpdate(*ctx, M, octets_in_msg);
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output)
|
|
||||||
{
|
|
||||||
unsigned int len = 0;
|
|
||||||
|
|
||||||
- EVP_DigestFinal(ctx, (unsigned char*)output, &len);
|
|
||||||
+ EVP_DigestFinal(*ctx, (unsigned char*)output, &len);
|
|
||||||
+ EVP_MD_CTX_free(*ctx);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
#else
|
|
||||||
#include "datatypes.h"
|
|
||||||
|
|
||||||
--
|
|
||||||
2.17.1
|
|
||||||
|
|
36
SOURCES/libsrtp-2.3.0-shared-fix.patch
Normal file
36
SOURCES/libsrtp-2.3.0-shared-fix.patch
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
diff -up libsrtp-2.3.0/Makefile.in.sharedfix libsrtp-2.3.0/Makefile.in
|
||||||
|
--- libsrtp-2.3.0/Makefile.in.sharedfix 2020-01-07 09:48:36.004217062 -0500
|
||||||
|
+++ libsrtp-2.3.0/Makefile.in 2020-01-07 09:53:08.117725096 -0500
|
||||||
|
@@ -106,12 +106,14 @@ bindir = @bindir@
|
||||||
|
pkgconfigdir = $(libdir)/pkgconfig
|
||||||
|
pkgconfig_DATA = libsrtp2.pc
|
||||||
|
|
||||||
|
-SHAREDLIBVERSION = 1
|
||||||
|
+SHAREDLIBMINIVER = 1
|
||||||
|
+SHAREDLIBVERSION = $(SHAREDLIBMINIVER).0.0
|
||||||
|
ifneq (,$(or $(findstring linux,@host@), $(findstring gnu,@host@)))
|
||||||
|
SHAREDLIB_DIR = $(libdir)
|
||||||
|
-SHAREDLIB_LDFLAGS = -shared -Wl,-soname,$@
|
||||||
|
SHAREDLIBSUFFIXNOVER = so
|
||||||
|
+SHAREDLIBMINISUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBMINIVER)
|
||||||
|
SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBVERSION)
|
||||||
|
+SHAREDLIB_LDFLAGS = -shared -Wl,-soname,libsrtp2.$(SHAREDLIBMINISUFFIX)
|
||||||
|
else ifneq (,$(or $(findstring cygwin,@host@), $(findstring mingw,@host@)))
|
||||||
|
SHAREDLIB_DIR = $(bindir)
|
||||||
|
SHAREDLIB_LDFLAGS = -shared -Wl,--out-implib,libsrtp2.dll.a
|
||||||
|
@@ -166,6 +168,7 @@ libsrtp2.$(SHAREDLIBSUFFIX): $(srtpobj)
|
||||||
|
$(CC) -shared -o $@ $(SHAREDLIB_LDFLAGS) \
|
||||||
|
$^ $(LDFLAGS) $(LIBS)
|
||||||
|
if [ -n "$(SHAREDLIBVERSION)" ]; then \
|
||||||
|
+ ln -sfn $@ libsrtp2.$(SHAREDLIBMINISUFFIX); \
|
||||||
|
ln -sfn $@ libsrtp2.$(SHAREDLIBSUFFIXNOVER); \
|
||||||
|
fi
|
||||||
|
|
||||||
|
@@ -288,6 +291,7 @@ install:
|
||||||
|
cp libsrtp2.$(SHAREDLIBSUFFIXNOVER) $(DESTDIR)$(SHAREDLIB_DIR)/; \
|
||||||
|
if [ -n "$(SHAREDLIBVERSION)" ]; then \
|
||||||
|
ln -sfn libsrtp2.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp2.$(SHAREDLIBSUFFIXNOVER); \
|
||||||
|
+ ln -sfn libsrtp2.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp2.$(SHAREDLIBMINISUFFIX); \
|
||||||
|
fi; \
|
||||||
|
fi
|
||||||
|
$(INSTALL) -d $(DESTDIR)$(pkgconfigdir)
|
13
SOURCES/libsrtp-2.3.0-shared-test-fix.patch
Normal file
13
SOURCES/libsrtp-2.3.0-shared-test-fix.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff -up libsrtp-2.3.0/Makefile.in.test-shared libsrtp-2.3.0/Makefile.in
|
||||||
|
--- libsrtp-2.3.0/Makefile.in.test-shared 2020-10-12 16:00:39.065842309 -0400
|
||||||
|
+++ libsrtp-2.3.0/Makefile.in 2020-10-12 16:01:11.244097667 -0400
|
||||||
|
@@ -196,7 +196,7 @@ ifeq (1, $(HAVE_PCAP))
|
||||||
|
testapp += test/rtp_decoder$(EXE)
|
||||||
|
endif
|
||||||
|
|
||||||
|
-$(testapp): libsrtp2.a
|
||||||
|
+$(testapp): libsrtp2.$(SHAREDLIBSUFFIX)
|
||||||
|
|
||||||
|
test/rtpw$(EXE): test/rtpw.c test/rtp.c test/util.c test/getopt_s.c \
|
||||||
|
crypto/math/datatypes.c
|
||||||
|
diff -up libsrtp-2.3.0/Makefile.test-shared libsrtp-2.3.0/Makefile
|
12
SOURCES/libsrtp-2.3.0-test-util.patch
Normal file
12
SOURCES/libsrtp-2.3.0-test-util.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
diff -r -u libsrtp-2.3.0.orig/test/util.c libsrtp-2.3.0/test/util.c
|
||||||
|
--- libsrtp-2.3.0.orig/test/util.c 2019-12-23 10:58:25.000000000 +0100
|
||||||
|
+++ libsrtp-2.3.0/test/util.c 2020-10-09 11:56:31.455502870 +0200
|
||||||
|
@@ -49,7 +49,7 @@
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
/* include space for null terminator */
|
||||||
|
-char bit_string[MAX_PRINT_STRING_LEN + 1];
|
||||||
|
+static char bit_string[MAX_PRINT_STRING_LEN + 1];
|
||||||
|
|
||||||
|
static inline int hex_char_to_nibble(uint8_t c)
|
||||||
|
{
|
@ -1,23 +1,20 @@
|
|||||||
%global shortname srtp
|
%global shortname srtp
|
||||||
|
|
||||||
Name: libsrtp
|
Name: libsrtp
|
||||||
Version: 1.5.4
|
Version: 2.3.0
|
||||||
Release: 8%{?dist}
|
Release: 7%{?dist}
|
||||||
Summary: An implementation of the Secure Real-time Transport Protocol (SRTP)
|
Summary: An implementation of the Secure Real-time Transport Protocol (SRTP)
|
||||||
Group: System Environment/Libraries
|
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: https://github.com/cisco/libsrtp
|
URL: https://github.com/cisco/libsrtp
|
||||||
Source0: https://github.com/cisco/libsrtp/archive/v%{version}.tar.gz
|
Source0: https://github.com/cisco/libsrtp/archive/v%{version}.tar.gz
|
||||||
# Universal config.h
|
BuildRequires: gcc, nss-devel, libpcap-devel
|
||||||
Source2: config.h
|
BuildRequires: make
|
||||||
# Fix shared lib so ldconfig doesn't complain
|
# Fix shared lib so ldconfig doesn't complain
|
||||||
Patch0: libsrtp-1.5.4-shared-fix.patch
|
Patch0: libsrtp-2.3.0-shared-fix.patch
|
||||||
Patch1: libsrtp-srtp_aes_encrypt.patch
|
# Fix namespace issue in test/util.c
|
||||||
Patch2: libsrtp-sha1-name-fix.patch
|
Patch1: libsrtp-2.3.0-test-util.patch
|
||||||
Patch3: libsrtp-fix-name-collision-on-MIPS.patch
|
# Link test binaries against shared lib
|
||||||
Patch4: 0001-Changes-for-OpenSSL-1.1.0-compatibility.patch
|
Patch2: libsrtp-2.3.0-shared-test-fix.patch
|
||||||
|
|
||||||
BuildRequires: openssl-devel >= 1.1.0
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package provides an implementation of the Secure Real-time
|
This package provides an implementation of the Secure Real-time
|
||||||
@ -26,7 +23,6 @@ a supporting cryptographic kernel.
|
|||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development files for %{name}
|
Summary: Development files for %{name}
|
||||||
Group: Development/Libraries
|
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
Requires: pkgconfig
|
Requires: pkgconfig
|
||||||
|
|
||||||
@ -34,13 +30,18 @@ Requires: pkgconfig
|
|||||||
The %{name}-devel package contains libraries and header files for
|
The %{name}-devel package contains libraries and header files for
|
||||||
developing applications that use %{name}.
|
developing applications that use %{name}.
|
||||||
|
|
||||||
|
%package tools
|
||||||
|
Summary: Tools for testing and decoding SRTP
|
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description tools
|
||||||
|
Tools for testing and decoding SRTP
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{version}
|
%setup -q -n %{name}-%{version}
|
||||||
%patch0 -p1 -b .sharedfix
|
%patch0 -p1 -b .sharedfix
|
||||||
%patch1 -p1 -b .srtp_aes_encrypt
|
%patch1 -p1 -b .utilfix
|
||||||
%patch2 -p1 -b .sha1-name-fix
|
%patch2 -p1 -b .test-shared-fix
|
||||||
%patch3 -p1 -b .mips-name-fix
|
|
||||||
%patch4 -p1 -b .4
|
|
||||||
|
|
||||||
%if 0%{?rhel} > 0
|
%if 0%{?rhel} > 0
|
||||||
%ifarch ppc64
|
%ifarch ppc64
|
||||||
@ -50,35 +51,72 @@ sed -i 's/-z noexecstack//' Makefile.in
|
|||||||
|
|
||||||
%build
|
%build
|
||||||
export CFLAGS="%{optflags} -fPIC"
|
export CFLAGS="%{optflags} -fPIC"
|
||||||
%configure --enable-openssl
|
%configure --enable-nss
|
||||||
make %{?_smp_mflags} shared_library
|
make %{?_smp_mflags} shared_library test
|
||||||
|
|
||||||
%install
|
%install
|
||||||
make install DESTDIR=%{buildroot}
|
make install DESTDIR=%{buildroot}
|
||||||
find %{buildroot} -name '*.la' -exec rm -f {} ';'
|
find %{buildroot} -name '*.la' -exec rm -f {} ';'
|
||||||
|
find %{buildroot} -name '*.a' -exec rm -f {} ';'
|
||||||
|
|
||||||
# Handle multilib issues with config.h
|
install -D -p -m 0755 test/dtls_srtp_driver %{buildroot}%{_bindir}/dtls_srtp_driver
|
||||||
mv %{buildroot}%{_includedir}/%{shortname}/config.h %{buildroot}%{_includedir}/%{shortname}/config-%{__isa_bits}.h
|
install -D -p -m 0755 test/rdbx_driver %{buildroot}%{_bindir}/rdbx_driver
|
||||||
cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h
|
install -D -p -m 0755 test/replay_driver %{buildroot}%{_bindir}/replay_driver
|
||||||
|
install -D -p -m 0755 test/roc_driver %{buildroot}%{_bindir}/roc_driver
|
||||||
|
install -D -p -m 0755 test/rtp_decoder %{buildroot}%{_bindir}/rtp_decoder
|
||||||
|
install -D -p -m 0755 test/rtpw %{buildroot}%{_bindir}/rtpw
|
||||||
|
install -D -p -m 0755 test/srtp_driver %{buildroot}%{_bindir}/srtp_driver
|
||||||
|
install -D -p -m 0755 test/test_srtp %{buildroot}%{_bindir}/test_srtp
|
||||||
|
|
||||||
%post -p /sbin/ldconfig
|
%ldconfig_scriptlets
|
||||||
%postun -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%license LICENSE
|
%license LICENSE
|
||||||
%doc CHANGES README TODO VERSION doc/*.txt doc/*.pdf
|
%doc CHANGES README.md
|
||||||
%{_libdir}/*.so.*
|
%{_libdir}/*.so.*
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%{_includedir}/%{shortname}/
|
%{_includedir}/%{shortname}2/
|
||||||
%{_libdir}/pkgconfig/libsrtp.pc
|
%{_libdir}/pkgconfig/libsrtp2.pc
|
||||||
%{_libdir}/*.so
|
%{_libdir}/*.so
|
||||||
|
|
||||||
|
%files tools
|
||||||
|
%{_bindir}/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Sep 03 2018 Wim Taymans <wtaymans@redhat.com> - 1.5.4-8
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.0-7
|
||||||
- Port to openssl 1.1.0
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
- Build against openssl
|
Related: rhbz#1991688
|
||||||
- Resolves: rhbz#1618747
|
|
||||||
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.0-6
|
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Oct 12 2020 Tom Callaway <spot@fedoraproject.org> - 2.3.0-4
|
||||||
|
- add -tools subpackage (thanks to Gerd v. Egidy)
|
||||||
|
|
||||||
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jan 7 2020 Tom Callaway <spot@fedoraproject.org> - 2.3.0-1
|
||||||
|
- update to 2.3.0
|
||||||
|
|
||||||
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-11
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-10
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 23 2018 Tom Callaway <spot@fedoraproject.org> - 1.5.4-9
|
||||||
|
- add BuildRequires: gcc
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-8
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-7
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-7
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
18
config.h
18
config.h
@ -1,18 +0,0 @@
|
|||||||
/* This file is here to prevent a file conflict on multiarch systems. A
|
|
||||||
* conflict will frequently occur because arch-specific build-time
|
|
||||||
* configuration options are stored (and used, so they can't just be stripped
|
|
||||||
* out) in config.h. The original config.h has been renamed.
|
|
||||||
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
|
|
||||||
|
|
||||||
#ifdef srtp_multilib_redirection_h
|
|
||||||
#error "Do not define srtp_multilib_redirection_h!"
|
|
||||||
#endif
|
|
||||||
#define srtp_multilib_redirection_h
|
|
||||||
|
|
||||||
#if defined(__x86_64__) || defined(__PPC64__) || (defined(__sparc__) && defined(__arch64__)) || defined(__s390x__) || defined(__aarch64__)
|
|
||||||
#include "srtp/config-64.h"
|
|
||||||
#else
|
|
||||||
#include "srtp/config-32.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#undef srtp_multilib_redirection_h
|
|
@ -1,6 +0,0 @@
|
|||||||
--- !Policy
|
|
||||||
product_versions:
|
|
||||||
- rhel-8
|
|
||||||
decision_context: osci_compose_gate
|
|
||||||
rules:
|
|
||||||
- !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}
|
|
@ -1,48 +0,0 @@
|
|||||||
diff -up srtp/srtp/srtp.c.CVE20132139 srtp/srtp/srtp.c
|
|
||||||
--- srtp/srtp/srtp.c.CVE20132139 2013-12-30 11:47:39.477223492 -0500
|
|
||||||
+++ srtp/srtp/srtp.c 2013-12-30 11:49:44.580162545 -0500
|
|
||||||
@@ -2045,22 +2045,21 @@ crypto_policy_set_from_profile_for_rtp(c
|
|
||||||
switch(profile) {
|
|
||||||
case srtp_profile_aes128_cm_sha1_80:
|
|
||||||
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
|
||||||
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
|
||||||
break;
|
|
||||||
case srtp_profile_aes128_cm_sha1_32:
|
|
||||||
- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
|
|
||||||
+ /* We do not honor the 32-bit auth tag request since
|
|
||||||
+ * this is not compliant with RFC 3711 */
|
|
||||||
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
|
||||||
break;
|
|
||||||
case srtp_profile_null_sha1_80:
|
|
||||||
crypto_policy_set_null_cipher_hmac_sha1_80(policy);
|
|
||||||
- crypto_policy_set_null_cipher_hmac_sha1_80(policy);
|
|
||||||
break;
|
|
||||||
case srtp_profile_aes256_cm_sha1_80:
|
|
||||||
crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
|
||||||
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
|
||||||
break;
|
|
||||||
case srtp_profile_aes256_cm_sha1_32:
|
|
||||||
- crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
|
|
||||||
+ /* We do not honor the 32-bit auth tag request since
|
|
||||||
+ * this is not compliant with RFC 3711 */
|
|
||||||
crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
|
||||||
break;
|
|
||||||
/* the following profiles are not (yet) supported */
|
|
||||||
@@ -2082,7 +2081,7 @@ crypto_policy_set_from_profile_for_rtcp(
|
|
||||||
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
|
||||||
break;
|
|
||||||
case srtp_profile_aes128_cm_sha1_32:
|
|
||||||
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
|
||||||
+ crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
|
|
||||||
break;
|
|
||||||
case srtp_profile_null_sha1_80:
|
|
||||||
crypto_policy_set_null_cipher_hmac_sha1_80(policy);
|
|
||||||
@@ -2091,7 +2090,7 @@ crypto_policy_set_from_profile_for_rtcp(
|
|
||||||
crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
|
||||||
break;
|
|
||||||
case srtp_profile_aes256_cm_sha1_32:
|
|
||||||
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
|
||||||
+ crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
|
|
||||||
break;
|
|
||||||
/* the following profiles are not (yet) supported */
|
|
||||||
case srtp_profile_null_sha1_32:
|
|
@ -1,75 +0,0 @@
|
|||||||
diff -up srtp/Makefile.in.shared srtp/Makefile.in
|
|
||||||
--- srtp/Makefile.in.shared 2010-05-21 13:45:35.000000000 -0400
|
|
||||||
+++ srtp/Makefile.in 2010-10-04 15:53:29.132116130 -0400
|
|
||||||
@@ -8,7 +8,7 @@
|
|
||||||
# runtest runs test applications
|
|
||||||
# test builds test applications
|
|
||||||
# libcrypt.a static library implementing crypto engine
|
|
||||||
-# libsrtp.a static library implementing srtp
|
|
||||||
+# libsrtp.so shared library implementing srtp
|
|
||||||
# clean removes objects, libs, and executables
|
|
||||||
# distribution cleans and builds a .tgz
|
|
||||||
# tags builds etags file from all .c and .h files
|
|
||||||
@@ -97,13 +97,13 @@ kernel = crypto/kernel/crypto_kernel.o
|
|
||||||
|
|
||||||
cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(replay)
|
|
||||||
|
|
||||||
-# libsrtp.a (implements srtp processing)
|
|
||||||
+# libsrtp (implements srtp processing)
|
|
||||||
|
|
||||||
srtpobj = srtp/srtp.o srtp/ekt.o
|
|
||||||
|
|
||||||
-libsrtp.a: $(srtpobj) $(cryptobj) $(gdoi)
|
|
||||||
- ar cr libsrtp.a $^
|
|
||||||
- $(RANLIB) libsrtp.a
|
|
||||||
+libsrtp.so: $(srtpobj) $(cryptobj) $(gdoi)
|
|
||||||
+ $(COMPILE) -shared -pthread -lm -Wl,--no-undefined -Wl,-soname,$@.0 -z noexecstack -o $@.0.0.0 $^
|
|
||||||
+ ln -s $@.0.0.0 $@
|
|
||||||
|
|
||||||
# libcryptomath.a contains general-purpose routines that are used to
|
|
||||||
# generate tables and verify cryptoalgorithm implementations - this
|
|
||||||
@@ -127,19 +127,19 @@ testapp = $(crypto_testapp) test/srtp_dr
|
|
||||||
test/roc_driver$(EXE) test/rdbx_driver$(EXE) test/rtpw$(EXE) \
|
|
||||||
test/dtls_srtp_driver$(EXE)
|
|
||||||
|
|
||||||
-$(testapp): libsrtp.a
|
|
||||||
+$(testapp): libsrtp.so
|
|
||||||
|
|
||||||
test/rtpw$(EXE): test/rtpw.c test/rtp.c test/getopt_s.c
|
|
||||||
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
|
|
||||||
+ $(COMPILE) $(LDFLAGS) -o $@ test/rtpw.c test/rtp.c test/getopt_s.c $(LIBS) $(SRTPLIB)
|
|
||||||
|
|
||||||
test/srtp_driver$(EXE): test/srtp_driver.c test/getopt_s.c
|
|
||||||
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
|
|
||||||
+ $(COMPILE) $(LDFLAGS) -o $@ test/srtp_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB)
|
|
||||||
|
|
||||||
test/rdbx_driver$(EXE): test/rdbx_driver.c test/getopt_s.c
|
|
||||||
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
|
|
||||||
+ $(COMPILE) $(LDFLAGS) -o $@ test/rdbx_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB)
|
|
||||||
|
|
||||||
test/dtls_srtp_driver$(EXE): test/dtls_srtp_driver.c test/getopt_s.c
|
|
||||||
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
|
|
||||||
+ $(COMPILE) $(LDFLAGS) -o $@ test/dtls_srtp_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB)
|
|
||||||
|
|
||||||
test: $(testapp)
|
|
||||||
@echo "Build done. Please run '$(MAKE) runtest' to run self tests."
|
|
||||||
@@ -197,16 +197,16 @@ install:
|
|
||||||
cp $(srcdir)/include/*.h $(DESTDIR)$(includedir)/srtp
|
|
||||||
cp $(srcdir)/crypto/include/*.h $(DESTDIR)$(includedir)/srtp
|
|
||||||
if [ "$(srcdir)" != "." ]; then cp crypto/include/*.h $(DESTDIR)$(includedir)/srtp; fi
|
|
||||||
- if [ -f libsrtp.a ]; then cp libsrtp.a $(DESTDIR)$(libdir)/; fi
|
|
||||||
+ if [ -f libsrtp.so.0.0.0 ]; then cp libsrtp.so.0.0.0 $(DESTDIR)$(libdir)/; fi
|
|
||||||
|
|
||||||
uninstall:
|
|
||||||
rm -f $(DESTDIR)$(includedir)/srtp/*.h
|
|
||||||
- rm -f $(DESTDIR)$(libdir)/libsrtp.a
|
|
||||||
+ rm -f $(DESTDIR)$(libdir)/libsrtp.so*
|
|
||||||
-rmdir $(DESTDIR)$(includedir)/srtp
|
|
||||||
|
|
||||||
clean:
|
|
||||||
rm -rf $(cryptobj) $(srtpobj) $(cryptomath) TAGS \
|
|
||||||
- libcryptomath.a libsrtp.a core *.core test/core
|
|
||||||
+ libcryptomath.a libsrtp.so* core *.core test/core
|
|
||||||
for a in * */* */*/*; do \
|
|
||||||
if [ -f "$$a~" ] ; then rm -f $$a~; fi; \
|
|
||||||
done;
|
|
@ -1,77 +0,0 @@
|
|||||||
diff -up libsrtp-1.5.0/Makefile.in.shared libsrtp-1.5.0/Makefile.in
|
|
||||||
--- libsrtp-1.5.0/Makefile.in.shared 2014-10-13 10:35:33.000000000 -0400
|
|
||||||
+++ libsrtp-1.5.0/Makefile.in 2014-11-14 10:14:01.604954699 -0500
|
|
||||||
@@ -113,17 +113,13 @@ kernel = crypto/kernel/crypto_kernel.o
|
|
||||||
|
|
||||||
cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(replay)
|
|
||||||
|
|
||||||
-# libsrtp.a (implements srtp processing)
|
|
||||||
+# libsrtp (implements srtp processing)
|
|
||||||
|
|
||||||
srtpobj = srtp/srtp.o srtp/ekt.o
|
|
||||||
|
|
||||||
-libsrtp.a: $(srtpobj) $(cryptobj) $(gdoi)
|
|
||||||
- ar cr libsrtp.a $^
|
|
||||||
- $(RANLIB) libsrtp.a
|
|
||||||
-
|
|
||||||
-libsrtp.so: $(srtpobj) $(cryptobj) $(gdoi)
|
|
||||||
- $(CC) -shared -Wl,-soname,libsrtp.so \
|
|
||||||
- -o libsrtp.so $^ $(LDFLAGS)
|
|
||||||
+libsrtp.so: $(srtpobj) $(cryptobj) $(gdoi)
|
|
||||||
+ $(COMPILE) -shared -pthread -lm -Wl,--no-undefined -Wl,-soname,$@.1 -z noexecstack -o $@.1.0.0 $^
|
|
||||||
+ ln -s $@.1.0.0 $@
|
|
||||||
|
|
||||||
# libcryptomath.a contains general-purpose routines that are used to
|
|
||||||
# generate tables and verify cryptoalgorithm implementations - this
|
|
||||||
@@ -150,19 +146,19 @@ testapp = $(crypto_testapp) test/srtp_dr
|
|
||||||
test/roc_driver$(EXE) test/rdbx_driver$(EXE) test/rtpw$(EXE) \
|
|
||||||
test/dtls_srtp_driver$(EXE)
|
|
||||||
|
|
||||||
-$(testapp): libsrtp.a
|
|
||||||
+$(testapp): libsrtp.so
|
|
||||||
|
|
||||||
test/rtpw$(EXE): test/rtpw.c test/rtp.c test/getopt_s.c
|
|
||||||
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
|
|
||||||
+ $(COMPILE) $(LDFLAGS) -o $@ test/rtpw.c test/rtp.c test/getopt_s.c $(LIBS) $(SRTPLIB)
|
|
||||||
|
|
||||||
test/srtp_driver$(EXE): test/srtp_driver.c test/getopt_s.c
|
|
||||||
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
|
|
||||||
+ $(COMPILE) $(LDFLAGS) -o $@ test/srtp_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB)
|
|
||||||
|
|
||||||
test/rdbx_driver$(EXE): test/rdbx_driver.c test/getopt_s.c
|
|
||||||
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
|
|
||||||
+ $(COMPILE) $(LDFLAGS) -o $@ test/rdbx_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB)
|
|
||||||
|
|
||||||
test/dtls_srtp_driver$(EXE): test/dtls_srtp_driver.c test/getopt_s.c
|
|
||||||
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
|
|
||||||
+ $(COMPILE) $(LDFLAGS) -o $@ test/dtls_srtp_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB)
|
|
||||||
|
|
||||||
test: $(testapp)
|
|
||||||
@echo "Build done. Please run '$(MAKE) runtest' to run self tests."
|
|
||||||
@@ -220,7 +216,7 @@ install:
|
|
||||||
cp $(srcdir)/include/*.h $(DESTDIR)$(includedir)/srtp
|
|
||||||
cp $(srcdir)/crypto/include/*.h $(DESTDIR)$(includedir)/srtp
|
|
||||||
if [ "$(srcdir)" != "." ]; then cp crypto/include/*.h $(DESTDIR)$(includedir)/srtp; fi
|
|
||||||
- if [ -f libsrtp.a ]; then cp libsrtp.a $(DESTDIR)$(libdir)/; fi
|
|
||||||
+ if [ -f libsrtp.so.0.0.0 ]; then cp libsrtp.so.0.0.0 $(DESTDIR)$(libdir)/; fi
|
|
||||||
if [ -f libsrtp.so ]; then cp libsrtp.so $(DESTDIR)$(libdir)/; fi
|
|
||||||
if [ "$(pkgconfig_DATA)" != "" ]; then \
|
|
||||||
$(INSTALL) -d $(DESTDIR)$(pkgconfigdir); \
|
|
||||||
@@ -229,7 +225,7 @@ install:
|
|
||||||
|
|
||||||
uninstall:
|
|
||||||
rm -f $(DESTDIR)$(includedir)/srtp/*.h
|
|
||||||
- rm -f $(DESTDIR)$(libdir)/libsrtp.a
|
|
||||||
+ rm -f $(DESTDIR)$(libdir)/libsrtp.so*
|
|
||||||
rm -f $(DESTDIR)$(libdir)/libsrtp.so
|
|
||||||
-rmdir $(DESTDIR)$(includedir)/srtp
|
|
||||||
if [ "$(pkgconfig_DATA)" != "" ]; then \
|
|
||||||
@@ -238,7 +234,7 @@ uninstall:
|
|
||||||
|
|
||||||
clean:
|
|
||||||
rm -rf $(cryptobj) $(srtpobj) $(cryptomath) TAGS \
|
|
||||||
- libcryptomath.a libsrtp.a libsrtp.so core *.core test/core
|
|
||||||
+ libcryptomath.a libsrtp.so* core *.core test/core
|
|
||||||
for a in * */* */*/*; do \
|
|
||||||
if [ -f "$$a~" ] ; then rm -f $$a~; fi; \
|
|
||||||
done;
|
|
@ -1,36 +0,0 @@
|
|||||||
diff -up libsrtp-1.5.4/Makefile.in.sharedfix libsrtp-1.5.4/Makefile.in
|
|
||||||
--- libsrtp-1.5.4/Makefile.in.sharedfix 2016-02-02 14:56:49.000000000 -0500
|
|
||||||
+++ libsrtp-1.5.4/Makefile.in 2016-02-12 09:38:18.228208296 -0500
|
|
||||||
@@ -84,12 +84,14 @@ pkgconfigdir = $(libdir)/pkgconfig
|
|
||||||
pkgconfig_DATA = libsrtp.pc
|
|
||||||
endif
|
|
||||||
|
|
||||||
-SHAREDLIBVERSION = 1
|
|
||||||
+SHAREDLIBMINIVER = 1
|
|
||||||
+SHAREDLIBVERSION = $(SHAREDLIBMINIVER).0.0
|
|
||||||
ifeq (linux,$(findstring linux,@host@))
|
|
||||||
SHAREDLIB_DIR = $(libdir)
|
|
||||||
-SHAREDLIB_LDFLAGS = -shared -Wl,-soname,$@
|
|
||||||
SHAREDLIBSUFFIXNOVER = so
|
|
||||||
SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBVERSION)
|
|
||||||
+SHAREDLIBMINISUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBMINIVER)
|
|
||||||
+SHAREDLIB_LDFLAGS = -shared -Wl,-soname,libsrtp.$(SHAREDLIBMINISUFFIX)
|
|
||||||
else ifeq (mingw,$(findstring mingw,@host@))
|
|
||||||
SHAREDLIB_DIR = $(bindir)
|
|
||||||
SHAREDLIB_LDFLAGS = -shared -Wl,--out-implib,libsrtp.dll.a
|
|
||||||
@@ -148,6 +150,7 @@ libsrtp.$(SHAREDLIBSUFFIX): $(srtpobj) $
|
|
||||||
$(CC) -shared -o $@ $(SHAREDLIB_LDFLAGS) \
|
|
||||||
$^ $(LDFLAGS) $(LIBS)
|
|
||||||
if [ -n "$(SHAREDLIBVERSION)" ]; then \
|
|
||||||
+ ln -sfn $@ libsrtp.$(SHAREDLIBMINISUFFIX); \
|
|
||||||
ln -sfn $@ libsrtp.$(SHAREDLIBSUFFIXNOVER); \
|
|
||||||
fi
|
|
||||||
|
|
||||||
@@ -274,6 +277,7 @@ install:
|
|
||||||
$(INSTALL) -d $(DESTDIR)$(SHAREDLIB_DIR); \
|
|
||||||
cp libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/; \
|
|
||||||
ln -sfn libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp.$(SHAREDLIBSUFFIXNOVER); \
|
|
||||||
+ ln -sfn libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp.$(SHAREDLIBMINISUFFIX); \
|
|
||||||
fi
|
|
||||||
if [ "$(pkgconfig_DATA)" != "" ]; then \
|
|
||||||
$(INSTALL) -d $(DESTDIR)$(pkgconfigdir); \
|
|
@ -1,55 +0,0 @@
|
|||||||
diff -urp libsrtp-1.5.0/test/srtp_driver.c l/test/srtp_driver.c
|
|
||||||
--- libsrtp-1.5.0/test/srtp_driver.c 2014-10-13 16:35:33.000000000 +0200
|
|
||||||
+++ libsrtp-1.5.4/test/srtp_driver.c 2015-09-18 06:41:50.740727805 +0200
|
|
||||||
@@ -341,7 +341,7 @@ main (int argc, char *argv[]) {
|
|
||||||
if (do_codec_timing) {
|
|
||||||
srtp_policy_t policy;
|
|
||||||
int ignore;
|
|
||||||
- double mips = mips_estimate(1000000000, &ignore);
|
|
||||||
+ double mips_est = mips_estimate(1000000000, &ignore);
|
|
||||||
|
|
||||||
crypto_policy_set_rtp_default(&policy.rtp);
|
|
||||||
crypto_policy_set_rtcp_default(&policy.rtcp);
|
|
||||||
@@ -353,33 +353,33 @@ main (int argc, char *argv[]) {
|
|
||||||
policy.allow_repeat_tx = 0;
|
|
||||||
policy.next = NULL;
|
|
||||||
|
|
||||||
- printf("mips estimate: %e\n", mips);
|
|
||||||
+ printf("mips estimate: %e\n", mips_est);
|
|
||||||
|
|
||||||
printf("testing srtp processing time for voice codecs:\n");
|
|
||||||
printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
|
|
||||||
printf("G.711\t\t%d\t\t\t%e\n", 80,
|
|
||||||
- (double) mips * (80 * 8) /
|
|
||||||
+ (double) mips_est * (80 * 8) /
|
|
||||||
srtp_bits_per_second(80, &policy) / .01 );
|
|
||||||
printf("G.711\t\t%d\t\t\t%e\n", 160,
|
|
||||||
- (double) mips * (160 * 8) /
|
|
||||||
+ (double) mips_est * (160 * 8) /
|
|
||||||
srtp_bits_per_second(160, &policy) / .02);
|
|
||||||
printf("G.726-32\t%d\t\t\t%e\n", 40,
|
|
||||||
- (double) mips * (40 * 8) /
|
|
||||||
+ (double) mips_est * (40 * 8) /
|
|
||||||
srtp_bits_per_second(40, &policy) / .01 );
|
|
||||||
printf("G.726-32\t%d\t\t\t%e\n", 80,
|
|
||||||
- (double) mips * (80 * 8) /
|
|
||||||
+ (double) mips_est * (80 * 8) /
|
|
||||||
srtp_bits_per_second(80, &policy) / .02);
|
|
||||||
printf("G.729\t\t%d\t\t\t%e\n", 10,
|
|
||||||
- (double) mips * (10 * 8) /
|
|
||||||
+ (double) mips_est * (10 * 8) /
|
|
||||||
srtp_bits_per_second(10, &policy) / .01 );
|
|
||||||
printf("G.729\t\t%d\t\t\t%e\n", 20,
|
|
||||||
- (double) mips * (20 * 8) /
|
|
||||||
+ (double) mips_est * (20 * 8) /
|
|
||||||
srtp_bits_per_second(20, &policy) / .02 );
|
|
||||||
printf("Wideband\t%d\t\t\t%e\n", 320,
|
|
||||||
- (double) mips * (320 * 8) /
|
|
||||||
+ (double) mips_est * (320 * 8) /
|
|
||||||
srtp_bits_per_second(320, &policy) / .01 );
|
|
||||||
printf("Wideband\t%d\t\t\t%e\n", 640,
|
|
||||||
- (double) mips * (640 * 8) /
|
|
||||||
+ (double) mips_est * (640 * 8) /
|
|
||||||
srtp_bits_per_second(640, &policy) / .02 );
|
|
||||||
}
|
|
||||||
|
|
@ -1,174 +0,0 @@
|
|||||||
diff -rup libsrtp-1.5.0/crypto/hash/hmac.c libsrtp-1.5.0/crypto/hash/hmac.c
|
|
||||||
--- libsrtp-1.5.0/crypto/hash/hmac.c 2014-10-13 10:35:33.000000000 -0400
|
|
||||||
+++ libsrtp-1.5.0/crypto/hash/hmac.c 2014-10-31 09:15:20.666474444 -0400
|
|
||||||
@@ -141,10 +141,10 @@ hmac_init(hmac_ctx_t *state, const uint8
|
|
||||||
debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64));
|
|
||||||
|
|
||||||
/* initialize sha1 context */
|
|
||||||
- sha1_init(&state->init_ctx);
|
|
||||||
+ crypto_sha1_init(&state->init_ctx);
|
|
||||||
|
|
||||||
/* hash ipad ^ key */
|
|
||||||
- sha1_update(&state->init_ctx, ipad, 64);
|
|
||||||
+ crypto_sha1_update(&state->init_ctx, ipad, 64);
|
|
||||||
memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t));
|
|
||||||
|
|
||||||
return err_status_ok;
|
|
||||||
@@ -165,7 +165,7 @@ hmac_update(hmac_ctx_t *state, const uin
|
|
||||||
octet_string_hex_string(message, msg_octets));
|
|
||||||
|
|
||||||
/* hash message into sha1 context */
|
|
||||||
- sha1_update(&state->ctx, message, msg_octets);
|
|
||||||
+ crypto_sha1_update(&state->ctx, message, msg_octets);
|
|
||||||
|
|
||||||
return err_status_ok;
|
|
||||||
}
|
|
||||||
@@ -183,7 +183,7 @@ hmac_compute(hmac_ctx_t *state, const vo
|
|
||||||
|
|
||||||
/* hash message, copy output into H */
|
|
||||||
hmac_update(state, (const uint8_t*)message, msg_octets);
|
|
||||||
- sha1_final(&state->ctx, H);
|
|
||||||
+ crypto_sha1_final(&state->ctx, H);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* note that we don't need to debug_print() the input, since the
|
|
||||||
@@ -193,16 +193,16 @@ hmac_compute(hmac_ctx_t *state, const vo
|
|
||||||
octet_string_hex_string((uint8_t *)H, 20));
|
|
||||||
|
|
||||||
/* re-initialize hash context */
|
|
||||||
- sha1_init(&state->ctx);
|
|
||||||
+ crypto_sha1_init(&state->ctx);
|
|
||||||
|
|
||||||
/* hash opad ^ key */
|
|
||||||
- sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
|
|
||||||
+ crypto_sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
|
|
||||||
|
|
||||||
/* hash the result of the inner hash */
|
|
||||||
- sha1_update(&state->ctx, (uint8_t *)H, 20);
|
|
||||||
+ crypto_sha1_update(&state->ctx, (uint8_t *)H, 20);
|
|
||||||
|
|
||||||
/* the result is returned in the array hash_value[] */
|
|
||||||
- sha1_final(&state->ctx, hash_value);
|
|
||||||
+ crypto_sha1_final(&state->ctx, hash_value);
|
|
||||||
|
|
||||||
/* copy hash_value to *result */
|
|
||||||
for (i=0; i < tag_len; i++)
|
|
||||||
diff -rup libsrtp-1.5.0/crypto/hash/sha1.c libsrtp-1.5.0/crypto/hash/sha1.c
|
|
||||||
--- libsrtp-1.5.0/crypto/hash/sha1.c 2014-10-13 10:35:33.000000000 -0400
|
|
||||||
+++ libsrtp-1.5.0/crypto/hash/sha1.c 2014-10-31 09:15:20.667474449 -0400
|
|
||||||
@@ -77,12 +77,12 @@ uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt fo
|
|
||||||
uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */
|
|
||||||
|
|
||||||
void
|
|
||||||
-sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
|
|
||||||
+crypto_sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
|
|
||||||
sha1_ctx_t ctx;
|
|
||||||
|
|
||||||
- sha1_init(&ctx);
|
|
||||||
- sha1_update(&ctx, msg, octets_in_msg);
|
|
||||||
- sha1_final(&ctx, hash_value);
|
|
||||||
+ crypto_sha1_init(&ctx);
|
|
||||||
+ crypto_sha1_update(&ctx, msg, octets_in_msg);
|
|
||||||
+ crypto_sha1_final(&ctx, hash_value);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -99,7 +99,7 @@ sha1(const uint8_t *msg, int octets_in_
|
|
||||||
*/
|
|
||||||
|
|
||||||
void
|
|
||||||
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
|
|
||||||
+crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
|
|
||||||
uint32_t H0;
|
|
||||||
uint32_t H1;
|
|
||||||
uint32_t H2;
|
|
||||||
@@ -186,7 +186,7 @@ sha1_core(const uint32_t M[16], uint32_t
|
|
||||||
}
|
|
||||||
|
|
||||||
void
|
|
||||||
-sha1_init(sha1_ctx_t *ctx) {
|
|
||||||
+crypto_sha1_init(sha1_ctx_t *ctx) {
|
|
||||||
|
|
||||||
/* initialize state vector */
|
|
||||||
ctx->H[0] = 0x67452301;
|
|
||||||
@@ -204,7 +204,7 @@ sha1_init(sha1_ctx_t *ctx) {
|
|
||||||
}
|
|
||||||
|
|
||||||
void
|
|
||||||
-sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
|
|
||||||
+crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
|
|
||||||
int i;
|
|
||||||
uint8_t *buf = (uint8_t *)ctx->M;
|
|
||||||
|
|
||||||
@@ -229,7 +229,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8
|
|
||||||
|
|
||||||
debug_print(mod_sha1, "(update) running sha1_core()", NULL);
|
|
||||||
|
|
||||||
- sha1_core(ctx->M, ctx->H);
|
|
||||||
+ crypto_sha1_core(ctx->M, ctx->H);
|
|
||||||
|
|
||||||
} else {
|
|
||||||
|
|
||||||
@@ -252,7 +252,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8
|
|
||||||
*/
|
|
||||||
|
|
||||||
void
|
|
||||||
-sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
|
|
||||||
+crypto_sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
|
|
||||||
uint32_t A, B, C, D, E, TEMP;
|
|
||||||
uint32_t W[80];
|
|
||||||
int i, t;
|
|
||||||
diff -rup libsrtp-1.5.0/crypto/include/sha1.h libsrtp-1.5.0/crypto/include/sha1.h
|
|
||||||
--- libsrtp-1.5.0/crypto/include/sha1.h 2014-10-13 10:35:33.000000000 -0400
|
|
||||||
+++ libsrtp-1.5.0/crypto/include/sha1.h 2014-10-31 09:16:10.367733196 -0400
|
|
||||||
@@ -103,7 +103,7 @@ typedef struct {
|
|
||||||
*/
|
|
||||||
|
|
||||||
void
|
|
||||||
-sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]);
|
|
||||||
+crypto_sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* sha1_init(&ctx) initializes the SHA1 context ctx
|
|
||||||
@@ -117,13 +117,13 @@ sha1(const uint8_t *message, int octets
|
|
||||||
*/
|
|
||||||
|
|
||||||
void
|
|
||||||
-sha1_init(sha1_ctx_t *ctx);
|
|
||||||
+crypto_sha1_init(sha1_ctx_t *ctx);
|
|
||||||
|
|
||||||
void
|
|
||||||
-sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
|
|
||||||
+crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
|
|
||||||
|
|
||||||
void
|
|
||||||
-sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
|
|
||||||
+crypto_sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* The sha1_core function is INTERNAL to SHA-1, but it is declared
|
|
||||||
@@ -141,7 +141,7 @@ sha1_final(sha1_ctx_t *ctx, uint32_t out
|
|
||||||
*/
|
|
||||||
|
|
||||||
void
|
|
||||||
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
|
|
||||||
+crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
|
|
||||||
|
|
||||||
#endif /* else OPENSSL */
|
|
||||||
|
|
||||||
diff -rup libsrtp-1.5.0/crypto/test/sha1_driver.c libsrtp-1.5.0/crypto/test/sha1_driver.c
|
|
||||||
--- libsrtp-1.5.0/crypto/test/sha1_driver.c 2014-10-13 10:35:33.000000000 -0400
|
|
||||||
+++ libsrtp-1.5.0/crypto/test/sha1_driver.c 2014-10-31 09:15:20.668474454 -0400
|
|
||||||
@@ -113,9 +113,9 @@ sha1_test_case_validate(const hash_test_
|
|
||||||
if (test_case->data_len > MAX_HASH_DATA_LEN)
|
|
||||||
return err_status_bad_param;
|
|
||||||
|
|
||||||
- sha1_init(&ctx);
|
|
||||||
- sha1_update(&ctx, test_case->data, test_case->data_len);
|
|
||||||
- sha1_final(&ctx, hash_value);
|
|
||||||
+ crypto_sha1_init(&ctx);
|
|
||||||
+ crypto_sha1_update(&ctx, test_case->data, test_case->data_len);
|
|
||||||
+ crypto_sha1_final(&ctx, hash_value);
|
|
||||||
if (0 == memcmp(test_case->hash, hash_value, 20)) {
|
|
||||||
#if VERBOSE
|
|
||||||
printf("PASSED: reference value: %s\n",
|
|
@ -1,129 +0,0 @@
|
|||||||
diff -rup a/crypto/cipher/aes.c b/crypto/cipher/aes.c
|
|
||||||
--- a/crypto/cipher/aes.c 2014-10-13 10:35:33.000000000 -0400
|
|
||||||
+++ b/crypto/cipher/aes.c 2014-10-31 09:25:20.603597823 -0400
|
|
||||||
@@ -2002,7 +2002,7 @@ aes_inv_final_round(v128_t *state, const
|
|
||||||
|
|
||||||
|
|
||||||
void
|
|
||||||
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
|
|
||||||
+srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
|
|
||||||
|
|
||||||
/* add in the subkey */
|
|
||||||
v128_xor_eq(plaintext, &exp_key->round[0]);
|
|
||||||
diff -rup a/crypto/cipher/aes_cbc.c b/crypto/cipher/aes_cbc.c
|
|
||||||
--- a/crypto/cipher/aes_cbc.c 2014-10-13 10:35:33.000000000 -0400
|
|
||||||
+++ b/crypto/cipher/aes_cbc.c 2014-10-31 09:25:20.604597828 -0400
|
|
||||||
@@ -192,7 +192,7 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c,
|
|
||||||
debug_print(mod_aes_cbc, "inblock: %s",
|
|
||||||
v128_hex_string(&c->state));
|
|
||||||
|
|
||||||
- aes_encrypt(&c->state, &c->expanded_key);
|
|
||||||
+ srtp_aes_encrypt(&c->state, &c->expanded_key);
|
|
||||||
|
|
||||||
debug_print(mod_aes_cbc, "outblock: %s",
|
|
||||||
v128_hex_string(&c->state));
|
|
||||||
diff -rup a/crypto/cipher/aes_icm.c b/crypto/cipher/aes_icm.c
|
|
||||||
--- a/crypto/cipher/aes_icm.c 2014-10-13 10:35:33.000000000 -0400
|
|
||||||
+++ b/crypto/cipher/aes_icm.c 2014-10-31 09:25:20.604597828 -0400
|
|
||||||
@@ -260,7 +260,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
|
|
||||||
/* fill keystream buffer, if needed */
|
|
||||||
if (tail_num) {
|
|
||||||
v128_copy(&c->keystream_buffer, &c->counter);
|
|
||||||
- aes_encrypt(&c->keystream_buffer, &c->expanded_key);
|
|
||||||
+ srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
|
|
||||||
c->bytes_in_buffer = sizeof(v128_t);
|
|
||||||
|
|
||||||
debug_print(mod_aes_icm, "counter: %s",
|
|
||||||
@@ -316,7 +316,7 @@ static inline void
|
|
||||||
aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
|
|
||||||
/* fill buffer with new keystream */
|
|
||||||
v128_copy(&c->keystream_buffer, &c->counter);
|
|
||||||
- aes_encrypt(&c->keystream_buffer, &c->expanded_key);
|
|
||||||
+ srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
|
|
||||||
c->bytes_in_buffer = sizeof(v128_t);
|
|
||||||
|
|
||||||
debug_print(mod_aes_icm, "counter: %s",
|
|
||||||
diff -rup a/crypto/include/aes.h b/crypto/include/aes.h
|
|
||||||
--- a/crypto/include/aes.h 2014-10-13 10:35:33.000000000 -0400
|
|
||||||
+++ b/crypto/include/aes.h 2014-10-31 09:25:20.604597828 -0400
|
|
||||||
@@ -68,7 +68,7 @@ aes_expand_decryption_key(const uint8_t
|
|
||||||
aes_expanded_key_t *expanded_key);
|
|
||||||
|
|
||||||
void
|
|
||||||
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
|
|
||||||
+srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
|
|
||||||
|
|
||||||
void
|
|
||||||
aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
|
|
||||||
diff -rup a/crypto/rng/prng.c b/crypto/rng/prng.c
|
|
||||||
--- a/crypto/rng/prng.c 2014-10-13 10:35:33.000000000 -0400
|
|
||||||
+++ b/crypto/rng/prng.c 2014-10-31 09:25:20.605597833 -0400
|
|
||||||
@@ -112,7 +112,7 @@ x917_prng_get_octet_string(uint8_t *dest
|
|
||||||
v128_copy(&buffer, &x917_prng.state);
|
|
||||||
|
|
||||||
/* apply aes to buffer */
|
|
||||||
- aes_encrypt(&buffer, &x917_prng.key);
|
|
||||||
+ srtp_aes_encrypt(&buffer, &x917_prng.key);
|
|
||||||
|
|
||||||
/* write data to output */
|
|
||||||
*dest++ = buffer.v8[0];
|
|
||||||
@@ -136,7 +136,7 @@ x917_prng_get_octet_string(uint8_t *dest
|
|
||||||
buffer.v32[0] ^= t;
|
|
||||||
|
|
||||||
/* encrypt buffer */
|
|
||||||
- aes_encrypt(&buffer, &x917_prng.key);
|
|
||||||
+ srtp_aes_encrypt(&buffer, &x917_prng.key);
|
|
||||||
|
|
||||||
/* copy buffer into state */
|
|
||||||
v128_copy(&x917_prng.state, &buffer);
|
|
||||||
@@ -154,7 +154,7 @@ x917_prng_get_octet_string(uint8_t *dest
|
|
||||||
v128_copy(&buffer, &x917_prng.state);
|
|
||||||
|
|
||||||
/* apply aes to buffer */
|
|
||||||
- aes_encrypt(&buffer, &x917_prng.key);
|
|
||||||
+ srtp_aes_encrypt(&buffer, &x917_prng.key);
|
|
||||||
|
|
||||||
/* write data to output */
|
|
||||||
for (i=0; i < tail_len; i++) {
|
|
||||||
@@ -167,7 +167,7 @@ x917_prng_get_octet_string(uint8_t *dest
|
|
||||||
buffer.v32[0] ^= t;
|
|
||||||
|
|
||||||
/* encrypt buffer */
|
|
||||||
- aes_encrypt(&buffer, &x917_prng.key);
|
|
||||||
+ srtp_aes_encrypt(&buffer, &x917_prng.key);
|
|
||||||
|
|
||||||
/* copy buffer into state */
|
|
||||||
v128_copy(&x917_prng.state, &buffer);
|
|
||||||
diff -rup a/crypto/test/aes_calc.c b/crypto/test/aes_calc.c
|
|
||||||
--- a/crypto/test/aes_calc.c 2014-10-13 10:35:33.000000000 -0400
|
|
||||||
+++ b/crypto/test/aes_calc.c 2014-10-31 09:25:20.605597833 -0400
|
|
||||||
@@ -109,7 +109,7 @@ main (int argc, char *argv[]) {
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
- aes_encrypt(&data, &exp_key);
|
|
||||||
+ srtp_aes_encrypt(&data, &exp_key);
|
|
||||||
|
|
||||||
/* write ciphertext to output */
|
|
||||||
if (verbose) {
|
|
||||||
diff -rup a/tables/aes_tables.c b/tables/aes_tables.c
|
|
||||||
--- a/tables/aes_tables.c 2014-10-13 10:35:33.000000000 -0400
|
|
||||||
+++ b/tables/aes_tables.c 2014-10-31 09:25:20.605597833 -0400
|
|
||||||
@@ -298,7 +298,7 @@ main(void) {
|
|
||||||
|
|
||||||
#if AES_INVERSE_TEST
|
|
||||||
/*
|
|
||||||
- * test that aes_encrypt and aes_decrypt are actually
|
|
||||||
+ * test that srtp_aes_encrypt and aes_decrypt are actually
|
|
||||||
* inverses of each other
|
|
||||||
*/
|
|
||||||
|
|
||||||
@@ -335,7 +335,7 @@ aes_test_inverse(void) {
|
|
||||||
v128_copy_octet_string(&x, plaintext);
|
|
||||||
aes_expand_encryption_key(k, expanded_key);
|
|
||||||
aes_expand_decryption_key(k, decrypt_key);
|
|
||||||
- aes_encrypt(&x, expanded_key);
|
|
||||||
+ srtp_aes_encrypt(&x, expanded_key);
|
|
||||||
aes_decrypt(&x, decrypt_key);
|
|
||||||
|
|
||||||
/* compare to expected value then report */
|
|
Loading…
Reference in New Issue
Block a user