cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Backport OpenSSL 1.1 support (and prerequisites) from libsrtp2.

Browse Source 
84faa631a5
  Refactor memory allocation for the symmetric ciphers context structures.

5781341d99
  Use the OpenSSL HMAC implementation, and thus also the OpenSSL EVP_sha1()
  implementation.

  Experiments show about a 1.5x speedup on Intel CPUs with AVX2.

fb95445019
  When building with OpenSSL, pass the AES_ICM key to the EVP context (and
  thus, do AES key expansion) in srtp_cipher_init, not srtp_cipher_set_iv.

  This means that AES key expansion is done once per key, rather than once
  per packet, resulting in a 2-3x speedup for AES-128.

1acba56991
  When building with OpenSSL, pass the AES_GCM key to the EVP context (and
  thus, do AES key expansion) in srtp_cipher_init, not srtp_cipher_set_iv.

  Improves AES_GCM performance 2x-3x.

0b45423678
  Changes for OpenSSL 1.1.0 compatibility.

  In OpenSSL 1.1.0, EVP_CIPHER_CTX, HMAC_CTX, and EVP_MD_CTX are opaque
  types, and have to be allocated with *_new methods and deallocated with
  *_free.

  EVP_CIPHER_CTX_new/free is present in OpenSSL 1.0.1 and later, but
  HMAC_CTX_new and EVP_MD_CTX_new are new in OpenSSL 1.1.0.

  Use the _new unconditionally for ciphers, and conditionally use the old
  or new APIs for HMAC and MD.

  No noticible performance change for older OpenSSL.

PR:		228866
This commit is contained in:
Tijl Coosemans 2018-06-11 08:18:30 +00:00
parent edb52418c9
commit bfc941deb4
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=472170
6 changed files with 1097 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
net/libsrtp/Makefile
View File

@ -4,6 +4,7 @@
PORTNAME= libsrtp
DISTVERSIONPREFIX= v
DISTVERSION= 1.6.0
PORTREVISION= 1
CATEGORIES= net
MAINTAINER= tijl@FreeBSD.org

285
net/libsrtp/files/patch-00-84faa63 Normal file
View File

@ -0,0 +1,285 @@
Backport of https://github.com/cisco/libsrtp/commit/84faa631a55235f6138cacda2e7f81980a43d13e
--- crypto/cipher/aes_gcm_ossl.c.orig 2017-08-01 11:57:38 UTC
+++ crypto/cipher/aes_gcm_ossl.c
@@ -85,8 +85,6 @@ extern cipher_type_t aes_gcm_256_openssl;
err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
{
aes_gcm_ctx_t *gcm;
- int tmp;
- uint8_t *allptr;
debug_print(mod_aes_gcm, "allocating cipher with key length %d", key_len);
debug_print(mod_aes_gcm, "allocating cipher with tag length %d", tlen);
@@ -105,16 +103,22 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int
}
/* allocate memory a cipher of type aes_gcm */
- tmp = sizeof(cipher_t) + sizeof(aes_gcm_ctx_t);
- allptr = crypto_alloc(tmp);
- if (allptr == NULL) {
+ *c = (cipher_t *)crypto_alloc(sizeof(cipher_t));
+ if (*c == NULL) {
return (err_status_alloc_fail);
}
+ memset(*c, 0x0, sizeof(cipher_t));
+ gcm = (aes_gcm_ctx_t *)crypto_alloc(sizeof(aes_gcm_ctx_t));
+ if (gcm == NULL) {
+ crypto_free(*c);
+ *c = NULL;
+ return (err_status_alloc_fail);
+ }
+ memset(gcm, 0x0, sizeof(aes_gcm_ctx_t));
+
/* set pointers */
- *c = (cipher_t*)allptr;
- (*c)->state = allptr + sizeof(cipher_t);
- gcm = (aes_gcm_ctx_t *)(*c)->state;
+ (*c)->state = gcm;
/* increment ref_count */
switch (key_len) {
@@ -122,15 +126,15 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int
(*c)->type = &aes_gcm_128_openssl;
(*c)->algorithm = AES_128_GCM;
aes_gcm_128_openssl.ref_count++;
- ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE;
- ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen;
+ gcm->key_size = AES_128_KEYSIZE;
+ gcm->tag_len = tlen;
break;
case AES_256_GCM_KEYSIZE_WSALT:
(*c)->type = &aes_gcm_256_openssl;
(*c)->algorithm = AES_256_GCM;
aes_gcm_256_openssl.ref_count++;
- ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE;
- ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen;
+ gcm->key_size = AES_256_KEYSIZE;
+ gcm->tag_len = tlen;
break;
}
@@ -164,10 +168,10 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
return (err_status_dealloc_fail);
break;
}
+ /* zeroize the key material */
+ octet_string_set_to_zero((uint8_t*)ctx, sizeof(aes_gcm_ctx_t));
+ crypto_free(ctx);
}
-
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t) + sizeof(aes_gcm_ctx_t));
/* free memory */
crypto_free(c);
--- crypto/cipher/aes_icm.c.orig 2017-08-01 11:57:38 UTC
+++ crypto/cipher/aes_icm.c
@@ -95,8 +95,7 @@ debug_module_t mod_aes_icm = {
err_status_t
aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp) {
extern cipher_type_t aes_icm;
- uint8_t *pointer;
- int tmp;
+ aes_icm_ctx_t *icm;
debug_print(mod_aes_icm,
"allocating cipher with key length %d", key_len);
@@ -114,13 +113,23 @@ aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int
return err_status_bad_param;
/* allocate memory a cipher of type aes_icm */
- tmp = (sizeof(aes_icm_ctx_t) + sizeof(cipher_t));
- pointer = (uint8_t*)crypto_alloc(tmp);
- if (pointer == NULL)
+ *c = (cipher_t *)crypto_alloc(sizeof(cipher_t));
+ if (*c == NULL)
return err_status_alloc_fail;
+ memset(*c, 0x0, sizeof(cipher_t));
+
+ icm = (aes_icm_ctx_t *)crypto_alloc(sizeof(aes_icm_ctx_t));
+ if (icm == NULL) {
+ crypto_free(*c);
+ return err_status_alloc_fail;
+ }
+ memset(icm, 0x0, sizeof(aes_icm_ctx_t));
+
/* set pointers */
- *c = (cipher_t *)pointer;
+ (*c)->state = icm;
+ (*c)->type = &aes_icm;
+
switch (key_len) {
case 46:
(*c)->algorithm = AES_256_ICM;
@@ -132,13 +141,12 @@ aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int
(*c)->algorithm = AES_128_ICM;
break;
}
- (*c)->type = &aes_icm;
- (*c)->state = pointer + sizeof(cipher_t);
/* increment ref_count */
aes_icm.ref_count++;
/* set key size */
+ icm->key_size = key_len;
(*c)->key_len = key_len;
return err_status_ok;
@@ -151,12 +159,20 @@ err_status_t aes_icm_alloc(cipher_t **c, int key_len,
err_status_t
aes_icm_dealloc(cipher_t *c) {
extern cipher_type_t aes_icm;
+ aes_icm_ctx_t *ctx;
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t *)c,
- sizeof(aes_icm_ctx_t) + sizeof(cipher_t));
+ if (c == NULL) {
+ return err_status_bad_param;
+ }
- /* free memory */
+ ctx = (aes_icm_ctx_t *)c->state;
+ if (ctx) {
+ /* zeroize the key material */
+ octet_string_set_to_zero((uint8_t*)ctx, sizeof(aes_icm_ctx_t));
+ crypto_free(ctx);
+ }
+
+ /* free the cipher context */
crypto_free(c);
/* decrement ref_count */
--- crypto/cipher/aes_icm_ossl.c.orig 2017-08-01 11:57:38 UTC
+++ crypto/cipher/aes_icm_ossl.c
@@ -115,8 +115,6 @@ extern cipher_type_t aes_icm_256;
err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
{
aes_icm_ctx_t *icm;
- int tmp;
- uint8_t *allptr;
debug_print(mod_aes_icm, "allocating cipher with key length %d", key_len);
@@ -132,16 +130,22 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int
}
/* allocate memory a cipher of type aes_icm */
- tmp = sizeof(cipher_t) + sizeof(aes_icm_ctx_t);
- allptr = (uint8_t*)crypto_alloc(tmp);
- if (allptr == NULL) {
+ *c = (cipher_t *)crypto_alloc(sizeof(cipher_t));
+ if (*c == NULL) {
return err_status_alloc_fail;
}
+ memset(*c, 0x0, sizeof(cipher_t));
+ icm = (aes_icm_ctx_t *)crypto_alloc(sizeof(aes_icm_ctx_t));
+ if (icm == NULL) {
+ crypto_free(*c);
+ *c = NULL;
+ return err_status_alloc_fail;
+ }
+ memset(icm, 0x0, sizeof(aes_icm_ctx_t));
+
/* set pointers */
- *c = (cipher_t*)allptr;
- (*c)->state = allptr + sizeof(cipher_t);
- icm = (aes_icm_ctx_t*)(*c)->state;
+ (*c)->state = icm;
/* increment ref_count */
switch (key_len) {
@@ -149,21 +153,21 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int
(*c)->algorithm = AES_128_ICM;
(*c)->type = &aes_icm;
aes_icm.ref_count++;
- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE;
+ icm->key_size = AES_128_KEYSIZE;
break;
#ifndef SRTP_NO_AES192
case AES_192_KEYSIZE_WSALT:
(*c)->algorithm = AES_192_ICM;
(*c)->type = &aes_icm_192;
aes_icm_192.ref_count++;
- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_192_KEYSIZE;
+ icm->key_size = AES_192_KEYSIZE;
break;
#endif
case AES_256_KEYSIZE_WSALT:
(*c)->algorithm = AES_256_ICM;
(*c)->type = &aes_icm_256;
aes_icm_256.ref_count++;
- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE;
+ icm->key_size = AES_256_KEYSIZE;
break;
}
@@ -209,11 +213,10 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c)
return err_status_dealloc_fail;
break;
}
+ /* zeroize the key material */
+ octet_string_set_to_zero((uint8_t*)ctx, sizeof(aes_icm_ctx_t));
+ crypto_free(ctx);
}
-
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t*)c,
- sizeof(cipher_t) + sizeof(aes_icm_ctx_t));
/* free memory */
crypto_free(c);
--- crypto/cipher/null_cipher.c.orig 2017-08-01 11:57:38 UTC
+++ crypto/cipher/null_cipher.c
@@ -59,21 +59,21 @@ extern debug_module_t mod_cipher;
err_status_t
null_cipher_alloc(cipher_t **c, int key_len, int tlen) {
extern cipher_type_t null_cipher;
- uint8_t *pointer;
debug_print(mod_cipher,
"allocating cipher with key length %d", key_len);
/* allocate memory a cipher of type null_cipher */
- pointer = (uint8_t*)crypto_alloc(sizeof(null_cipher_ctx_t) + sizeof(cipher_t));
- if (pointer == NULL)
+ *c = (cipher_t *)crypto_alloc(sizeof(cipher_t));
+ if (*c == NULL)
return err_status_alloc_fail;
+ memset(*c, 0x0, sizeof(cipher_t));
+
/* set pointers */
- *c = (cipher_t *)pointer;
(*c)->algorithm = NULL_CIPHER;
(*c)->type = &null_cipher;
- (*c)->state = pointer + sizeof(cipher_t);
+ (*c)->state = 0x1; /* The null cipher does not maintain state */
/* set key size */
(*c)->key_len = key_len;
@@ -90,8 +90,7 @@ null_cipher_dealloc(cipher_t *c) {
extern cipher_type_t null_cipher;
/* zeroize entire state*/
- octet_string_set_to_zero((uint8_t *)c,
- sizeof(null_cipher_ctx_t) + sizeof(cipher_t));
+ octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t));
/* free memory of type null_cipher */
crypto_free(c);
--- crypto/test/cipher_driver.c.orig 2017-08-01 11:57:38 UTC
+++ crypto/test/cipher_driver.c
@@ -58,7 +58,6 @@
#else
#include "aes_icm.h"
#endif
-#include "null_cipher.h"
#define PRINT_DEBUG 0

254
net/libsrtp/files/patch-01-5781341 Normal file
View File

@ -0,0 +1,254 @@
Backport of https://github.com/cisco/libsrtp/commit/5781341d99cd286a1f3d164e0576c2e837a444b7
--- crypto/hash/hmac_ossl.c.orig 2017-08-01 11:57:38 UTC
+++ crypto/hash/hmac_ossl.c
@@ -46,11 +46,12 @@
#include <config.h>
#endif
-#include "hmac.h"
+#include "auth.h"
#include "alloc.h"
#include <openssl/evp.h>
+#include <openssl/hmac.h>
-#define HMAC_KEYLEN_MAX 20
+#define SHA1_DIGEST_SIZE 20
/* the debug module for authentiation */
@@ -65,26 +66,18 @@ hmac_alloc (auth_t **a, int key_len, int out_len)
{
extern auth_type_t hmac;
uint8_t *pointer;
- hmac_ctx_t *new_hmac_ctx;
+ HMAC_CTX *new_hmac_ctx;
debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
debug_print(mod_hmac, " tag length %d", out_len);
- /*
- * check key length - note that we don't support keys larger
- * than 20 bytes yet
- */
- if (key_len > HMAC_KEYLEN_MAX) {
- return err_status_bad_param;
- }
-
/* check output length - should be less than 20 bytes */
- if (out_len > HMAC_KEYLEN_MAX) {
+ if (out_len > SHA1_DIGEST_SIZE) {
return err_status_bad_param;
}
- /* allocate memory for auth and hmac_ctx_t structures */
- pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
+ /* allocate memory for auth and HMAC_CTX structures */
+ pointer = (uint8_t*)crypto_alloc(sizeof(HMAC_CTX) + sizeof(auth_t));
if (pointer == NULL) {
return err_status_alloc_fail;
}
@@ -96,8 +89,8 @@ hmac_alloc (auth_t **a, int key_len, int out_len)
(*a)->out_len = out_len;
(*a)->key_len = key_len;
(*a)->prefix_len = 0;
- new_hmac_ctx = (hmac_ctx_t*)((*a)->state);
- memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t));
+ new_hmac_ctx = (HMAC_CTX*)((*a)->state);
+ HMAC_CTX_init(new_hmac_ctx);
/* increment global count of all hmac uses */
hmac.ref_count++;
@@ -109,19 +102,15 @@ err_status_t
hmac_dealloc (auth_t *a)
{
extern auth_type_t hmac;
- hmac_ctx_t *hmac_ctx;
+ HMAC_CTX *hmac_ctx;
- hmac_ctx = (hmac_ctx_t*)a->state;
- if (hmac_ctx->ctx_initialized) {
- EVP_MD_CTX_cleanup(&hmac_ctx->ctx);
- }
- if (hmac_ctx->init_ctx_initialized) {
- EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx);
- }
+ hmac_ctx = (HMAC_CTX*)a->state;
+ HMAC_CTX_cleanup(hmac_ctx);
+
/* zeroize entire state*/
octet_string_set_to_zero((uint8_t*)a,
- sizeof(hmac_ctx_t) + sizeof(auth_t));
+ sizeof(HMAC_CTX) + sizeof(auth_t));
/* free memory */
crypto_free(a);
@@ -133,113 +122,65 @@ hmac_dealloc (auth_t *a)
}
err_status_t
-hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len)
+hmac_init (HMAC_CTX *state, const uint8_t *key, int key_len)
{
- int i;
- uint8_t ipad[64];
+ if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
+ return err_status_auth_fail;
- /*
- * check key length - note that we don't support keys larger
- * than 20 bytes yet
- */
- if (key_len > HMAC_KEYLEN_MAX) {
- return err_status_bad_param;
- }
-
- /*
- * set values of ipad and opad by exoring the key into the
- * appropriate constant values
- */
- for (i = 0; i < key_len; i++) {
- ipad[i] = key[i] ^ 0x36;
- state->opad[i] = key[i] ^ 0x5c;
- }
- /* set the rest of ipad, opad to constant values */
- for (; i < sizeof(ipad); i++) {
- ipad[i] = 0x36;
- ((uint8_t*)state->opad)[i] = 0x5c;
- }
-
- debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad)));
-
- /* initialize sha1 context */
- sha1_init(&state->init_ctx);
- state->init_ctx_initialized = 1;
-
- /* hash ipad ^ key */
- sha1_update(&state->init_ctx, ipad, sizeof(ipad));
- return (hmac_start(state));
+ return err_status_ok;
}
err_status_t
-hmac_start (hmac_ctx_t *state)
+hmac_start (HMAC_CTX *state)
{
- if (state->ctx_initialized) {
- EVP_MD_CTX_cleanup(&state->ctx);
- }
- if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) {
+ if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
return err_status_auth_fail;
- } else {
- state->ctx_initialized = 1;
- return err_status_ok;
- }
+
+ return err_status_ok;
}
err_status_t
-hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets)
+hmac_update (HMAC_CTX *state, const uint8_t *message, int msg_octets)
{
debug_print(mod_hmac, "input: %s",
octet_string_hex_string(message, msg_octets));
- /* hash message into sha1 context */
- sha1_update(&state->ctx, message, msg_octets);
+ if (HMAC_Update(state, message, msg_octets) == 0)
+ return err_status_auth_fail;
return err_status_ok;
}
err_status_t
-hmac_compute (hmac_ctx_t *state, const void *message,
+hmac_compute (HMAC_CTX *state, const void *message,
int msg_octets, int tag_len, uint8_t *result)
{
- uint32_t hash_value[5];
- uint32_t H[5];
+ uint8_t hash_value[SHA1_DIGEST_SIZE];
int i;
+ unsigned int len;
/* check tag length, return error if we can't provide the value expected */
- if (tag_len > HMAC_KEYLEN_MAX) {
+ if (tag_len > SHA1_DIGEST_SIZE) {
return err_status_bad_param;
}
/* hash message, copy output into H */
- sha1_update(&state->ctx, message, msg_octets);
- sha1_final(&state->ctx, H);
+ if (HMAC_Update(state, message, msg_octets) == 0)
+ return err_status_auth_fail;
- /*
- * note that we don't need to debug_print() the input, since the
- * function hmac_update() already did that for us
- */
- debug_print(mod_hmac, "intermediate state: %s",
- octet_string_hex_string((uint8_t*)H, sizeof(H)));
+ if (HMAC_Final(state, hash_value, &len) == 0)
+ return err_status_auth_fail;
- /* re-initialize hash context */
- sha1_init(&state->ctx);
+ if (len < tag_len)
+ return err_status_auth_fail;
- /* hash opad ^ key */
- sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad));
-
- /* hash the result of the inner hash */
- sha1_update(&state->ctx, (uint8_t*)H, sizeof(H));
-
- /* the result is returned in the array hash_value[] */
- sha1_final(&state->ctx, hash_value);
-
/* copy hash_value to *result */
for (i = 0; i < tag_len; i++) {
- result[i] = ((uint8_t*)hash_value)[i];
+ result[i] = hash_value[i];
}
debug_print(mod_hmac, "output: %s",
- octet_string_hex_string((uint8_t*)hash_value, tag_len));
+ octet_string_hex_string(hash_value, tag_len));
return err_status_ok;
}
@@ -248,7 +189,7 @@ hmac_compute (hmac_ctx_t *state, const void *message,
/* begin test case 0 */
uint8_t
- hmac_test_case_0_key[HMAC_KEYLEN_MAX] = {
+ hmac_test_case_0_key[SHA1_DIGEST_SIZE] = {
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b
@@ -260,7 +201,7 @@ uint8_t
};
uint8_t
- hmac_test_case_0_tag[HMAC_KEYLEN_MAX] = {
+ hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = {
0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
0xf1, 0x46, 0xbe, 0x00
--- crypto/include/hmac.h.orig 2017-08-01 11:57:38 UTC
+++ crypto/include/hmac.h
@@ -53,10 +53,6 @@ typedef struct {
uint8_t opad[64];
sha1_ctx_t ctx;
sha1_ctx_t init_ctx;
-#ifdef OPENSSL
- int ctx_initialized;
- int init_ctx_initialized;
-#endif
} hmac_ctx_t;
err_status_t

113
net/libsrtp/files/patch-02-fb95445 Normal file
View File

@ -0,0 +1,113 @@
Backport of https://github.com/cisco/libsrtp/commit/fb954450198c832c96b4191fcef3a1b9e2d15d8b
--- crypto/cipher/aes_icm_ossl.c.orig 2018-06-10 20:33:16 UTC
+++ crypto/cipher/aes_icm_ossl.c
@@ -235,6 +235,8 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c)
*/
err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key, int len)
{
+ const EVP_CIPHER *evp;
+
/*
* set counter and initial values to 'offset' value, being careful not to
* go past the end of the key buffer
@@ -252,30 +254,35 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx
c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0;
c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0;
- /* copy key to be used later when CiscoSSL crypto context is created */
- v128_copy_octet_string((v128_t*)&c->key, key);
+ debug_print(mod_aes_icm, "key: %s", octet_string_hex_string(key, c->key_size));
+ debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
- /* if the key is greater than 16 bytes, copy the second
- * half. Note, we treat AES-192 and AES-256 the same here
- * for simplicity. The storage location receiving the
- * key is statically allocated to handle a full 32 byte key
- * regardless of the cipher in use.
- */
- if (c->key_size == AES_256_KEYSIZE
+ EVP_CIPHER_CTX_init(&c->ctx);
+
+ switch (c->key_size) {
+ case AES_256_KEYSIZE:
+ evp = EVP_aes_256_ctr();
+ break;
#ifndef SRTP_NO_AES192
- || c->key_size == AES_192_KEYSIZE
+ case AES_192_KEYSIZE:
+ evp = EVP_aes_192_ctr();
+ break;
#endif
- ) {
- debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s",
- v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
- v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZE);
+ case AES_128_KEYSIZE:
+ evp = EVP_aes_128_ctr();
+ break;
+ default:
+ return err_status_bad_param;
+ break;
}
- debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key));
- debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
+ if (!EVP_EncryptInit_ex(&c->ctx, evp,
+ NULL, key, NULL)) {
+ return err_status_fail;
+ } else {
+ return err_status_ok;
+ }
- EVP_CIPHER_CTX_cleanup(&c->ctx);
-
return err_status_ok;
}
@@ -286,7 +293,6 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx
*/
err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
{
- const EVP_CIPHER *evp;
v128_t nonce;
/* set nonce (for alignment) */
@@ -298,25 +304,8 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c,
debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter));
- switch (c->key_size) {
- case AES_256_KEYSIZE:
- evp = EVP_aes_256_ctr();
- break;
-#ifndef SRTP_NO_AES192
- case AES_192_KEYSIZE:
- evp = EVP_aes_192_ctr();
- break;
-#endif
- case AES_128_KEYSIZE:
- evp = EVP_aes_128_ctr();
- break;
- default:
- return err_status_bad_param;
- break;
- }
-
- if (!EVP_EncryptInit_ex(&c->ctx, evp,
- NULL, c->key.v8, c->counter.v8)) {
+ if (!EVP_EncryptInit_ex(&c->ctx, NULL,
+ NULL, NULL, c->counter.v8)) {
return err_status_fail;
} else {
return err_status_ok;
--- crypto/include/aes_icm_ossl.h.orig 2017-08-01 11:57:38 UTC
+++ crypto/include/aes_icm_ossl.h
@@ -70,7 +70,6 @@
typedef struct {
v128_t counter; /* holds the counter value */
v128_t offset; /* initial offset value */
- v256_t key;
int key_size;
EVP_CIPHER_CTX ctx;
} aes_icm_ctx_t;

83
net/libsrtp/files/patch-03-1acba56 Normal file
View File

@ -0,0 +1,83 @@
Backport of https://github.com/cisco/libsrtp/commit/1acba569915d8124b627a29dd5e3500332618eac
--- crypto/cipher/aes_gcm_ossl.c.orig 2018-06-10 18:51:02 UTC
+++ crypto/cipher/aes_gcm_ossl.c
@@ -187,22 +187,28 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
*/
err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
{
+ const EVP_CIPHER *evp;
+
c->dir = direction_any;
- /* copy key to be used later when CiscoSSL crypto context is created */
- v128_copy_octet_string((v128_t*)&c->key, key);
+ debug_print(mod_aes_gcm, "key: %s", octet_string_hex_string(key, c->key_size));
- if (c->key_size == AES_256_KEYSIZE) {
- debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s",
- v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
- v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1,
- key + AES_128_KEYSIZE);
+ switch (c->key_size) {
+ case AES_256_KEYSIZE:
+ evp = EVP_aes_256_gcm();
+ break;
+ case AES_128_KEYSIZE:
+ evp = EVP_aes_128_gcm();
+ break;
+ default:
+ return (err_status_bad_param);
+ break;
}
- debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key));
+ if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, key, NULL, 0)) {
+ return (err_status_init_fail);
+ }
- EVP_CIPHER_CTX_cleanup(&c->ctx);
-
return (err_status_ok);
}
@@ -214,8 +220,6 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx
err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
int direction)
{
- const EVP_CIPHER *evp;
-
if (direction != direction_encrypt && direction != direction_decrypt) {
return (err_status_bad_param);
}
@@ -223,19 +227,7 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c,
debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv));
- switch (c->key_size) {
- case AES_256_KEYSIZE:
- evp = EVP_aes_256_gcm();
- break;
- case AES_128_KEYSIZE:
- evp = EVP_aes_128_gcm();
- break;
- default:
- return (err_status_bad_param);
- break;
- }
-
- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
+ if (!EVP_CipherInit_ex(&c->ctx, NULL, NULL, NULL,
NULL, (c->dir == direction_encrypt ? 1 : 0))) {
return (err_status_init_fail);
}
--- crypto/include/aes_gcm_ossl.h.orig 2017-08-01 11:57:38 UTC
+++ crypto/include/aes_gcm_ossl.h
@@ -52,7 +52,6 @@
#include <openssl/aes.h>
typedef struct {
- v256_t key;
int key_size;
int tag_len;
EVP_CIPHER_CTX ctx;

361
net/libsrtp/files/patch-04-0b45423 Normal file
View File

@ -0,0 +1,361 @@
Backport of https://github.com/cisco/libsrtp/commit/0b45423678ddc46d702f3a51614f20bfbd112ddd
--- crypto/cipher/aes_gcm_ossl.c.orig 2018-06-11 07:46:09 UTC
+++ crypto/cipher/aes_gcm_ossl.c
@@ -117,6 +117,14 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int
}
memset(gcm, 0x0, sizeof(aes_gcm_ctx_t));
+ gcm->ctx = EVP_CIPHER_CTX_new();
+ if (gcm->ctx == NULL) {
+ crypto_free(gcm);
+ crypto_free(*c);
+ *c = NULL;
+ return err_status_alloc_fail;
+ }
+
/* set pointers */
(*c)->state = gcm;
@@ -140,7 +148,6 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int
/* set key size */
(*c)->key_len = key_len;
- EVP_CIPHER_CTX_init(&gcm->ctx);
return (err_status_ok);
}
@@ -155,7 +162,7 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
ctx = (aes_gcm_ctx_t*)c->state;
if (ctx) {
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
+ EVP_CIPHER_CTX_free(ctx->ctx);
/* decrement ref_count for the appropriate engine */
switch (ctx->key_size) {
case AES_256_KEYSIZE:
@@ -205,7 +212,7 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx
break;
}
- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, key, NULL, 0)) {
+ if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) {
return (err_status_init_fail);
}
@@ -227,19 +234,19 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c,
debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv));
- if (!EVP_CipherInit_ex(&c->ctx, NULL, NULL, NULL,
+ if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL,
NULL, (c->dir == direction_encrypt ? 1 : 0))) {
return (err_status_init_fail);
}
/* set IV len and the IV value, the followiong 3 calls are required */
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
return (err_status_init_fail);
}
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
return (err_status_init_fail);
}
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
return (err_status_init_fail);
}
@@ -263,9 +270,9 @@ err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c
* Set dummy tag, OpenSSL requires the Tag to be set before
* processing AAD
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
- rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len);
+ rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);
if (rv != aad_len) {
return (err_status_algo_fail);
} else {
@@ -291,7 +298,7 @@ err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c
/*
* Encrypt the data
*/
- EVP_Cipher(&c->ctx, buf, buf, *enc_len);
+ EVP_Cipher(c->ctx, buf, buf, *enc_len);
return (err_status_ok);
}
@@ -313,12 +320,12 @@ err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c
/*
* Calculate the tag
*/
- EVP_Cipher(&c->ctx, NULL, NULL, 0);
+ EVP_Cipher(c->ctx, NULL, NULL, 0);
/*
* Retreive the tag
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
/*
* Increase encryption length by desired tag size
@@ -347,14 +354,14 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c
/*
* Set the tag before decrypting
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
buf + (*enc_len - c->tag_len));
- EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len);
+ EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len);
/*
* Check the tag
*/
- if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) {
+ if (EVP_Cipher(c->ctx, NULL, NULL, 0)) {
return (err_status_auth_fail);
}
--- crypto/cipher/aes_icm_ossl.c.orig 2018-06-11 07:46:00 UTC
+++ crypto/cipher/aes_icm_ossl.c
@@ -144,6 +144,14 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int
}
memset(icm, 0x0, sizeof(aes_icm_ctx_t));
+ icm->ctx = EVP_CIPHER_CTX_new();
+ if (icm->ctx == NULL) {
+ crypto_free(icm);
+ crypto_free(*c);
+ *c = NULL;
+ return err_status_alloc_fail;
+ }
+
/* set pointers */
(*c)->state = icm;
@@ -173,7 +181,6 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int
/* set key size */
(*c)->key_len = key_len;
- EVP_CIPHER_CTX_init(&icm->ctx);
return err_status_ok;
}
@@ -195,7 +202,7 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c)
*/
ctx = (aes_icm_ctx_t*)c->state;
if (ctx != NULL) {
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
+ EVP_CIPHER_CTX_free(ctx->ctx);
/* decrement ref_count for the appropriate engine */
switch (ctx->key_size) {
case AES_256_KEYSIZE:
@@ -257,8 +264,6 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx
debug_print(mod_aes_icm, "key: %s", octet_string_hex_string(key, c->key_size));
debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
- EVP_CIPHER_CTX_init(&c->ctx);
-
switch (c->key_size) {
case AES_256_KEYSIZE:
evp = EVP_aes_256_ctr();
@@ -276,7 +281,7 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx
break;
}
- if (!EVP_EncryptInit_ex(&c->ctx, evp,
+ if (!EVP_EncryptInit_ex(c->ctx, evp,
NULL, key, NULL)) {
return err_status_fail;
} else {
@@ -304,7 +309,7 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c,
debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter));
- if (!EVP_EncryptInit_ex(&c->ctx, NULL,
+ if (!EVP_EncryptInit_ex(c->ctx, NULL,
NULL, NULL, c->counter.v8)) {
return err_status_fail;
} else {
@@ -326,12 +331,12 @@ err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c
debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
- if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) {
+ if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) {
return err_status_cipher_fail;
}
*enc_len = len;
- if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) {
+ if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) {
return err_status_cipher_fail;
}
*enc_len += len;
--- crypto/hash/hmac_ossl.c.orig 2018-06-11 07:45:39 UTC
+++ crypto/hash/hmac_ossl.c
@@ -65,8 +65,6 @@ err_status_t
hmac_alloc (auth_t **a, int key_len, int out_len)
{
extern auth_type_t hmac;
- uint8_t *pointer;
- HMAC_CTX *new_hmac_ctx;
debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
debug_print(mod_hmac, " tag length %d", out_len);
@@ -76,21 +74,43 @@ hmac_alloc (auth_t **a, int key_len, int out_len)
return err_status_bad_param;
}
- /* allocate memory for auth and HMAC_CTX structures */
- pointer = (uint8_t*)crypto_alloc(sizeof(HMAC_CTX) + sizeof(auth_t));
- if (pointer == NULL) {
+/* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
+ using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ {
+ /* allocate memory for auth and HMAC_CTX structures */
+ uint8_t* pointer;
+ HMAC_CTX *new_hmac_ctx;
+ pointer = (uint8_t*)crypto_alloc(sizeof(HMAC_CTX) + sizeof(auth_t));
+ if (pointer == NULL) {
+ return err_status_alloc_fail;
+ }
+ *a = (auth_t*)pointer;
+ (*a)->state = pointer + sizeof(auth_t);
+ new_hmac_ctx = (HMAC_CTX*)((*a)->state);
+
+ HMAC_CTX_init(new_hmac_ctx);
+ }
+
+#else
+ *a = (auth_t*)crypto_alloc(sizeof(auth_t));
+ if (*a == NULL) {
return err_status_alloc_fail;
}
+ (*a)->state = HMAC_CTX_new();
+ if ((*a)->state == NULL) {
+ crypto_free(*a);
+ *a = NULL;
+ return err_status_alloc_fail;
+ }
+#endif
+
/* set pointers */
- *a = (auth_t*)pointer;
(*a)->type = &hmac;
- (*a)->state = pointer + sizeof(auth_t);
(*a)->out_len = out_len;
(*a)->key_len = key_len;
(*a)->prefix_len = 0;
- new_hmac_ctx = (HMAC_CTX*)((*a)->state);
- HMAC_CTX_init(new_hmac_ctx);
/* increment global count of all hmac uses */
hmac.ref_count++;
@@ -106,11 +126,19 @@ hmac_dealloc (auth_t *a)
hmac_ctx = (HMAC_CTX*)a->state;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX_cleanup(hmac_ctx);
/* zeroize entire state*/
octet_string_set_to_zero((uint8_t*)a,
sizeof(HMAC_CTX) + sizeof(auth_t));
+
+#else
+ HMAC_CTX_free(hmac_ctx);
+
+ /* zeroize entire state*/
+ octet_string_set_to_zero((uint8_t*)a, sizeof(auth_t));
+#endif
/* free memory */
crypto_free(a);
--- crypto/include/aes_gcm_ossl.h.orig 2018-06-11 07:46:09 UTC
+++ crypto/include/aes_gcm_ossl.h
@@ -54,7 +54,7 @@
typedef struct {
int key_size;
int tag_len;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX* ctx;
cipher_direction_t dir;
} aes_gcm_ctx_t;
--- crypto/include/aes_icm_ossl.h.orig 2018-06-11 07:46:00 UTC
+++ crypto/include/aes_icm_ossl.h
@@ -71,7 +71,7 @@ typedef struct {
v128_t counter; /* holds the counter value */
v128_t offset; /* initial offset value */
int key_size;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX* ctx;
} aes_icm_ctx_t;
err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir);
--- crypto/include/sha1.h.orig 2017-08-01 11:57:38 UTC
+++ crypto/include/sha1.h
@@ -56,8 +56,6 @@
#include <openssl/evp.h>
#include <stdint.h>
-typedef EVP_MD_CTX sha1_ctx_t;
-
/*
* sha1_init(&ctx) initializes the SHA1 context ctx
*
@@ -72,6 +70,12 @@ typedef EVP_MD_CTX sha1_ctx_t;
*
*/
+/* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated
+ using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+typedef EVP_MD_CTX sha1_ctx_t;
+
static inline void sha1_init (sha1_ctx_t *ctx)
{
EVP_MD_CTX_init(ctx);
@@ -88,7 +92,33 @@ static inline void sha1_final (sha1_ctx_t *ctx, uint32
unsigned int len = 0;
EVP_DigestFinal(ctx, (unsigned char*)output, &len);
+ EVP_MD_CTX_cleanup(ctx);
}
+
+#else
+
+typedef EVP_MD_CTX* sha1_ctx_t;
+
+static inline void sha1_init (sha1_ctx_t *ctx)
+{
+ *ctx = EVP_MD_CTX_new();
+ EVP_DigestInit(*ctx, EVP_sha1());
+}
+
+static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
+{
+ EVP_DigestUpdate(*ctx, M, octets_in_msg);
+}
+
+static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output)
+{
+ unsigned int len = 0;
+
+ EVP_DigestFinal(*ctx, (unsigned char*)output, &len);
+ EVP_MD_CTX_free(*ctx);
+}
+#endif
+
#else
#include "datatypes.h"