extra/libsrtp/7713d5706524f9f1ee94fd6b55125357e63656d5.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

From 8884f4d8eb4ca7122dfcbd640b933b98ef4bab80 Mon Sep 17 00:00:00 2001
From: jfigus <jfig_us@yahoo.com>
Date: Thu, 30 May 2013 12:36:07 -0400
Subject: [PATCH 1/3] Remove double-invocations to prevent buffer-overflow
 vulnerability.

---
 srtp/srtp.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/srtp/srtp.c b/srtp/srtp.c
index 839c1ee..41e263c 100644
--- a/srtp/srtp.c
+++ b/srtp/srtp.c
@@ -2063,23 +2063,18 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
   switch(profile) {
   case srtp_profile_aes128_cm_sha1_80:
     crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
-    crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
     break;
   case srtp_profile_aes128_cm_sha1_32:
     crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
-    crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
     break;
   case srtp_profile_null_sha1_80:
     crypto_policy_set_null_cipher_hmac_sha1_80(policy);
-    crypto_policy_set_null_cipher_hmac_sha1_80(policy);
     break;
   case srtp_profile_aes256_cm_sha1_80:
     crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
-    crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
     break;
   case srtp_profile_aes256_cm_sha1_32:
     crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
-    crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
     break;
     /* the following profiles are not (yet) supported */
   case srtp_profile_null_sha1_32:
-- 
1.8.5.1


From 8e47faf0f5b90672c7ebf2f0cf0562ee81a8b621 Mon Sep 17 00:00:00 2001
From: jfigus <jfig_us@yahoo.com>
Date: Thu, 30 May 2013 13:36:33 -0400
Subject: [PATCH 2/3] Fix 32-bit tag policies to use correct profile.

---
 srtp/srtp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srtp/srtp.c b/srtp/srtp.c
index 41e263c..95c1ab4 100644
--- a/srtp/srtp.c
+++ b/srtp/srtp.c
@@ -2095,7 +2095,7 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
     crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
     break;
   case srtp_profile_aes128_cm_sha1_32:
-    crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+    crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
     break;
   case srtp_profile_null_sha1_80:
     crypto_policy_set_null_cipher_hmac_sha1_80(policy);
@@ -2104,7 +2104,7 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
     crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
     break;
   case srtp_profile_aes256_cm_sha1_32:
-    crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+    crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
     break;
     /* the following profiles are not (yet) supported */
   case srtp_profile_null_sha1_32:
-- 
1.8.5.1


From 0acbb039c12b790621839facf56bfedbd071b74d Mon Sep 17 00:00:00 2001
From: jfigus <jfig_us@yahoo.com>
Date: Thu, 30 May 2013 16:47:02 -0400
Subject: [PATCH 3/3] Undo the changes to the RTCP profile helper function. 
 The prior commit was not compliant with RFC 3711.

---
 srtp/srtp.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/srtp/srtp.c b/srtp/srtp.c
index 95c1ab4..7fd19e6 100644
--- a/srtp/srtp.c
+++ b/srtp/srtp.c
@@ -2095,7 +2095,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
     crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
     break;
   case srtp_profile_aes128_cm_sha1_32:
-    crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
+    /* We do not honor the 32-bit auth tag request since
+     * this is not compliant with RFC 3711 */
+    crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
     break;
   case srtp_profile_null_sha1_80:
     crypto_policy_set_null_cipher_hmac_sha1_80(policy);
@@ -2104,7 +2106,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
     crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
     break;
   case srtp_profile_aes256_cm_sha1_32:
-    crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
+    /* We do not honor the 32-bit auth tag request since
+     * this is not compliant with RFC 3711 */
+    crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
     break;
     /* the following profiles are not (yet) supported */
   case srtp_profile_null_sha1_32:
-- 
1.8.5.1