mirror of
https://gitdl.cn/https://github.com/chakralinux/core.git
synced 2025-02-10 13:44:37 +08:00
117 lines
4.1 KiB
Diff
117 lines
4.1 KiB
Diff
From 8884f4d8eb4ca7122dfcbd640b933b98ef4bab80 Mon Sep 17 00:00:00 2001
|
|
From: jfigus <jfig_us@yahoo.com>
|
|
Date: Thu, 30 May 2013 12:36:07 -0400
|
|
Subject: [PATCH 1/3] Remove double-invocations to prevent buffer-overflow
|
|
vulnerability.
|
|
|
|
---
|
|
srtp/srtp.c | 5 -----
|
|
1 file changed, 5 deletions(-)
|
|
|
|
diff --git a/srtp/srtp.c b/srtp/srtp.c
|
|
index 839c1ee..41e263c 100644
|
|
--- a/srtp/srtp.c
|
|
+++ b/srtp/srtp.c
|
|
@@ -2063,23 +2063,18 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
|
|
switch(profile) {
|
|
case srtp_profile_aes128_cm_sha1_80:
|
|
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
|
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
|
break;
|
|
case srtp_profile_aes128_cm_sha1_32:
|
|
crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
|
|
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
|
break;
|
|
case srtp_profile_null_sha1_80:
|
|
crypto_policy_set_null_cipher_hmac_sha1_80(policy);
|
|
- crypto_policy_set_null_cipher_hmac_sha1_80(policy);
|
|
break;
|
|
case srtp_profile_aes256_cm_sha1_80:
|
|
crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
|
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
|
break;
|
|
case srtp_profile_aes256_cm_sha1_32:
|
|
crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
|
|
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
|
break;
|
|
/* the following profiles are not (yet) supported */
|
|
case srtp_profile_null_sha1_32:
|
|
--
|
|
1.8.5.1
|
|
|
|
|
|
From 8e47faf0f5b90672c7ebf2f0cf0562ee81a8b621 Mon Sep 17 00:00:00 2001
|
|
From: jfigus <jfig_us@yahoo.com>
|
|
Date: Thu, 30 May 2013 13:36:33 -0400
|
|
Subject: [PATCH 2/3] Fix 32-bit tag policies to use correct profile.
|
|
|
|
---
|
|
srtp/srtp.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/srtp/srtp.c b/srtp/srtp.c
|
|
index 41e263c..95c1ab4 100644
|
|
--- a/srtp/srtp.c
|
|
+++ b/srtp/srtp.c
|
|
@@ -2095,7 +2095,7 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
|
|
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
|
break;
|
|
case srtp_profile_aes128_cm_sha1_32:
|
|
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
|
+ crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
|
|
break;
|
|
case srtp_profile_null_sha1_80:
|
|
crypto_policy_set_null_cipher_hmac_sha1_80(policy);
|
|
@@ -2104,7 +2104,7 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
|
|
crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
|
break;
|
|
case srtp_profile_aes256_cm_sha1_32:
|
|
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
|
+ crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
|
|
break;
|
|
/* the following profiles are not (yet) supported */
|
|
case srtp_profile_null_sha1_32:
|
|
--
|
|
1.8.5.1
|
|
|
|
|
|
From 0acbb039c12b790621839facf56bfedbd071b74d Mon Sep 17 00:00:00 2001
|
|
From: jfigus <jfig_us@yahoo.com>
|
|
Date: Thu, 30 May 2013 16:47:02 -0400
|
|
Subject: [PATCH 3/3] Undo the changes to the RTCP profile helper function.
|
|
The prior commit was not compliant with RFC 3711.
|
|
|
|
---
|
|
srtp/srtp.c | 8 ++++++--
|
|
1 file changed, 6 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/srtp/srtp.c b/srtp/srtp.c
|
|
index 95c1ab4..7fd19e6 100644
|
|
--- a/srtp/srtp.c
|
|
+++ b/srtp/srtp.c
|
|
@@ -2095,7 +2095,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
|
|
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
|
break;
|
|
case srtp_profile_aes128_cm_sha1_32:
|
|
- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
|
|
+ /* We do not honor the 32-bit auth tag request since
|
|
+ * this is not compliant with RFC 3711 */
|
|
+ crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
|
break;
|
|
case srtp_profile_null_sha1_80:
|
|
crypto_policy_set_null_cipher_hmac_sha1_80(policy);
|
|
@@ -2104,7 +2106,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
|
|
crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
|
break;
|
|
case srtp_profile_aes256_cm_sha1_32:
|
|
- crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
|
|
+ /* We do not honor the 32-bit auth tag request since
|
|
+ * this is not compliant with RFC 3711 */
|
|
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
|
break;
|
|
/* the following profiles are not (yet) supported */
|
|
case srtp_profile_null_sha1_32:
|
|
--
|
|
1.8.5.1
|
|
|