From 1d54552ece6882dca84331ee5eff02680ec373e8 Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Feb 10 2014 19:56:02 +0000 Subject: rename internal functions to avoid conflicts (bz 956340) --- diff --git a/libsrtp-sha1-name-fix.patch b/libsrtp-sha1-name-fix.patch new file mode 100644 index 0000000..12b1da6 --- /dev/null +++ b/libsrtp-sha1-name-fix.patch @@ -0,0 +1,170 @@ +--- a/crypto/hash/hmac.c ++++ a/crypto/hash/hmac.c +@@ -137,10 +137,10 @@ hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len) { + debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64)); + + /* initialize sha1 context */ +- sha1_init(&state->init_ctx); ++ crypto_sha1_init(&state->init_ctx); + + /* hash ipad ^ key */ +- sha1_update(&state->init_ctx, ipad, 64); ++ crypto_sha1_update(&state->init_ctx, ipad, 64); + memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t)); + + return err_status_ok; +@@ -161,7 +161,7 @@ hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets) { + octet_string_hex_string(message, msg_octets)); + + /* hash message into sha1 context */ +- sha1_update(&state->ctx, message, msg_octets); ++ crypto_sha1_update(&state->ctx, message, msg_octets); + + return err_status_ok; + } +@@ -179,7 +179,7 @@ hmac_compute(hmac_ctx_t *state, const void *message, + + /* hash message, copy output into H */ + hmac_update(state, (const uint8_t*)message, msg_octets); +- sha1_final(&state->ctx, H); ++ crypto_sha1_final(&state->ctx, H); + + /* + * note that we don't need to debug_print() the input, since the +@@ -189,16 +189,16 @@ hmac_compute(hmac_ctx_t *state, const void *message, + octet_string_hex_string((uint8_t *)H, 20)); + + /* re-initialize hash context */ +- sha1_init(&state->ctx); ++ crypto_sha1_init(&state->ctx); + + /* hash opad ^ key */ +- sha1_update(&state->ctx, (uint8_t *)state->opad, 64); ++ crypto_sha1_update(&state->ctx, (uint8_t *)state->opad, 64); + + /* hash the result of the inner hash */ +- sha1_update(&state->ctx, (uint8_t *)H, 20); ++ crypto_sha1_update(&state->ctx, (uint8_t *)H, 20); + + /* the result is returned in the array hash_value[] */ +- sha1_final(&state->ctx, hash_value); ++ crypto_sha1_final(&state->ctx, hash_value); + + /* copy hash_value to *result */ + for (i=0; i < tag_len; i++) +--- a/crypto/hash/sha1.c ++++ a/crypto/hash/sha1.c +@@ -74,12 +74,12 @@ uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt for 40 <= t <= 59 */ + uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */ + + void +-sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) { ++crypto_sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) { + sha1_ctx_t ctx; + +- sha1_init(&ctx); +- sha1_update(&ctx, msg, octets_in_msg); +- sha1_final(&ctx, hash_value); ++ crypto_sha1_init(&ctx); ++ crypto_sha1_update(&ctx, msg, octets_in_msg); ++ crypto_sha1_final(&ctx, hash_value); + + } + +@@ -96,7 +96,7 @@ sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) { + */ + + void +-sha1_core(const uint32_t M[16], uint32_t hash_value[5]) { ++crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]) { + uint32_t H0; + uint32_t H1; + uint32_t H2; +@@ -183,7 +183,7 @@ sha1_core(const uint32_t M[16], uint32_t hash_value[5]) { + } + + void +-sha1_init(sha1_ctx_t *ctx) { ++crypto_sha1_init(sha1_ctx_t *ctx) { + + /* initialize state vector */ + ctx->H[0] = 0x67452301; +@@ -201,7 +201,7 @@ sha1_init(sha1_ctx_t *ctx) { + } + + void +-sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) { ++crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) { + int i; + uint8_t *buf = (uint8_t *)ctx->M; + +@@ -226,7 +226,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) { + + debug_print(mod_sha1, "(update) running sha1_core()", NULL); + +- sha1_core(ctx->M, ctx->H); ++ crypto_sha1_core(ctx->M, ctx->H); + + } else { + +@@ -249,7 +249,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) { + */ + + void +-sha1_final(sha1_ctx_t *ctx, uint32_t *output) { ++crypto_sha1_final(sha1_ctx_t *ctx, uint32_t *output) { + uint32_t A, B, C, D, E, TEMP; + uint32_t W[80]; + int i, t; +--- a/crypto/include/sha1.h ++++ a/crypto/include/sha1.h +@@ -65,7 +65,7 @@ typedef struct { + */ + + void +-sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]); ++crypto_sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]); + + /* + * sha1_init(&ctx) initializes the SHA1 context ctx +@@ -79,13 +79,13 @@ sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]); + */ + + void +-sha1_init(sha1_ctx_t *ctx); ++crypto_sha1_init(sha1_ctx_t *ctx); + + void +-sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg); ++crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg); + + void +-sha1_final(sha1_ctx_t *ctx, uint32_t output[5]); ++crypto_sha1_final(sha1_ctx_t *ctx, uint32_t output[5]); + + /* + * The sha1_core function is INTERNAL to SHA-1, but it is declared +@@ -103,6 +103,6 @@ sha1_final(sha1_ctx_t *ctx, uint32_t output[5]); + */ + + void +-sha1_core(const uint32_t M[16], uint32_t hash_value[5]); ++crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]); + + #endif /* SHA1_H */ +--- a/crypto/test/sha1_driver.c ++++ a/crypto/test/sha1_driver.c +@@ -107,9 +107,9 @@ sha1_test_case_validate(const hash_test_case_t *test_case) { + if (test_case->data_len > MAX_HASH_DATA_LEN) + return err_status_bad_param; + +- sha1_init(&ctx); +- sha1_update(&ctx, test_case->data, test_case->data_len); +- sha1_final(&ctx, hash_value); ++ crypto_sha1_init(&ctx); ++ crypto_sha1_update(&ctx, test_case->data, test_case->data_len); ++ crypto_sha1_final(&ctx, hash_value); + if (0 == memcmp(test_case->hash, hash_value, 20)) { + #if VERBOSE + printf("PASSED: reference value: %s\n", + diff --git a/libsrtp-srtp_aes_encrypt.patch b/libsrtp-srtp_aes_encrypt.patch new file mode 100644 index 0000000..389ce9a --- /dev/null +++ b/libsrtp-srtp_aes_encrypt.patch @@ -0,0 +1,122 @@ +--- a/crypto/cipher/aes.c ++++ a/crypto/cipher/aes.c +@@ -1999,7 +1999,7 @@ aes_inv_final_round(v128_t *state, const v128_t *round_key) { + + + void +-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) { ++srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) { + + /* add in the subkey */ + v128_xor_eq(plaintext, &exp_key->round[0]); +--- a/crypto/cipher/aes_cbc.c ++++ a/crypto/cipher/aes_cbc.c +@@ -182,7 +182,7 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c, + debug_print(mod_aes_cbc, "inblock: %s", + v128_hex_string(&c->state)); + +- aes_encrypt(&c->state, &c->expanded_key); ++ srtp_aes_encrypt(&c->state, &c->expanded_key); + + debug_print(mod_aes_cbc, "outblock: %s", + v128_hex_string(&c->state)); +--- a/crypto/cipher/aes_icm.c ++++ a/crypto/cipher/aes_icm.c +@@ -240,7 +240,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c, + /* fill keystream buffer, if needed */ + if (tail_num) { + v128_copy(&c->keystream_buffer, &c->counter); +- aes_encrypt(&c->keystream_buffer, &c->expanded_key); ++ srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key); + c->bytes_in_buffer = sizeof(v128_t); + + debug_print(mod_aes_icm, "counter: %s", +@@ -296,7 +296,7 @@ static inline void + aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) { + /* fill buffer with new keystream */ + v128_copy(&c->keystream_buffer, &c->counter); +- aes_encrypt(&c->keystream_buffer, &c->expanded_key); ++ srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key); + c->bytes_in_buffer = sizeof(v128_t); + + debug_print(mod_aes_icm, "counter: %s", +--- a/crypto/include/aes.h ++++ a/crypto/include/aes.h +@@ -70,7 +70,7 @@ aes_expand_decryption_key(const uint8_t *key, + aes_expanded_key_t *expanded_key); + + void +-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key); ++srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key); + + void + aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key); +--- a/crypto/rng/prng.c ++++ a/crypto/rng/prng.c +@@ -108,7 +108,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) { + v128_copy(&buffer, &x917_prng.state); + + /* apply aes to buffer */ +- aes_encrypt(&buffer, &x917_prng.key); ++ srtp_aes_encrypt(&buffer, &x917_prng.key); + + /* write data to output */ + *dest++ = buffer.v8[0]; +@@ -132,7 +132,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) { + buffer.v32[0] ^= t; + + /* encrypt buffer */ +- aes_encrypt(&buffer, &x917_prng.key); ++ srtp_aes_encrypt(&buffer, &x917_prng.key); + + /* copy buffer into state */ + v128_copy(&x917_prng.state, &buffer); +@@ -150,7 +150,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) { + v128_copy(&buffer, &x917_prng.state); + + /* apply aes to buffer */ +- aes_encrypt(&buffer, &x917_prng.key); ++ srtp_aes_encrypt(&buffer, &x917_prng.key); + + /* write data to output */ + for (i=0; i < tail_len; i++) { +@@ -163,7 +163,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) { + buffer.v32[0] ^= t; + + /* encrypt buffer */ +- aes_encrypt(&buffer, &x917_prng.key); ++ srtp_aes_encrypt(&buffer, &x917_prng.key); + + /* copy buffer into state */ + v128_copy(&x917_prng.state, &buffer); +--- a/crypto/test/aes_calc.c ++++ a/crypto/test/aes_calc.c +@@ -105,7 +105,7 @@ main (int argc, char *argv[]) { + exit(1); + } + +- aes_encrypt(&data, &exp_key); ++ srtp_aes_encrypt(&data, &exp_key); + + /* write ciphertext to output */ + if (verbose) { +--- a/tables/aes_tables.c ++++ a/tables/aes_tables.c +@@ -294,7 +294,7 @@ main(void) { + + #if AES_INVERSE_TEST + /* +- * test that aes_encrypt and aes_decrypt are actually ++ * test that srtp_aes_encrypt and aes_decrypt are actually + * inverses of each other + */ + +@@ -331,7 +331,7 @@ aes_test_inverse(void) { + v128_copy_octet_string(&x, plaintext); + aes_expand_encryption_key(k, expanded_key); + aes_expand_decryption_key(k, decrypt_key); +- aes_encrypt(&x, expanded_key); ++ srtp_aes_encrypt(&x, expanded_key); + aes_decrypt(&x, decrypt_key); + + /* compare to expected value then report */ diff --git a/libsrtp.spec b/libsrtp.spec index a84c4c9..f868c3e 100644 --- a/libsrtp.spec +++ b/libsrtp.spec @@ -3,7 +3,7 @@ Name: lib%{shortname} Version: 1.4.4 -Release: 9.%{cvsver}%{?dist} +Release: 10.%{cvsver}%{?dist} Summary: An implementation of the Secure Real-time Transport Protocol (SRTP) Group: System Environment/Libraries License: BSD @@ -21,6 +21,8 @@ Source2: config.h # And how does Chromium always manage to find these projects and use them? Patch0: libsrtp-1.4.4-shared.patch Patch1: libsrtp-1.4.4-CVE20132139.patch +Patch2: libsrtp-srtp_aes_encrypt.patch +Patch3: libsrtp-sha1-name-fix.patch %description This package provides an implementation of the Secure Real-time @@ -41,6 +43,8 @@ developing applications that use %{name}. %setup -q -n %{shortname} %patch0 -p1 -b .shared %patch1 -p1 -b .CVE20132139 +%patch2 -p1 -b .srtp_aes_encrypt +%patch3 -p1 -b .sha1-name-fix # Fix end-of-line encoding sed -i 's/\r//g' doc/draft-irtf-cfrg-icm-00.txt @@ -91,6 +95,9 @@ cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h %{_libdir}/*.so %changelog +* Mon Feb 10 2014 Tom Callaway - 1.4.4-10.20101004cvs +- rename internal functions to avoid conflicts (bz 956340) + * Mon Dec 30 2013 Tom Callaway - 1.4.4-9.20101004cvs - apply fix for CVE-2013-2139 from https://github.com/cisco/libsrtp/pull/27