rpms / libsrtp

Clone
Source Code
GIT

Blame SOURCES/libsrtp-CVE-2013-2139.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   98e5b525f671564bc5ca6e3f67cc61aee4a5b833
  2.   SOURCES
  3.   libsrtp-CVE-2013-2139.patch
Blob History Raw
98e5b5 
diff --git a/srtp/srtp.c b/srtp/srtp.c
98e5b5 
index 3722fc1..a0dd047 100644
98e5b5 
--- a/srtp/srtp.c
98e5b5 
+++ b/srtp/srtp.c
98e5b5 
@@ -2046,24 +2046,19 @@ crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy,
98e5b5 
   /* set SRTP policy from the SRTP profile in the key set */
98e5b5 
   switch(profile) {
98e5b5 
   case srtp_profile_aes128_cm_sha1_80:
98e5b5 
-    crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
98e5b5 
     crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
98e5b5 
     break;
98e5b5 
   case srtp_profile_aes128_cm_sha1_32:
98e5b5 
     crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
98e5b5 
-    crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
98e5b5 
     break;
98e5b5 
   case srtp_profile_null_sha1_80:
98e5b5 
-    crypto_policy_set_null_cipher_hmac_sha1_80(policy);
98e5b5 
     crypto_policy_set_null_cipher_hmac_sha1_80(policy);
98e5b5 
     break;
98e5b5 
   case srtp_profile_aes256_cm_sha1_80:
98e5b5 
-    crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
98e5b5 
     crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
98e5b5 
     break;
98e5b5 
   case srtp_profile_aes256_cm_sha1_32:
98e5b5 
     crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
98e5b5 
-    crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
98e5b5 
     break;
98e5b5 
     /* the following profiles are not (yet) supported */
98e5b5 
   case srtp_profile_null_sha1_32:
98e5b5 
@@ -2084,6 +2079,8 @@ crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy,
98e5b5 
     crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
98e5b5 
     break;
98e5b5 
   case srtp_profile_aes128_cm_sha1_32:
98e5b5 
+    /* We do not honor the 32-bit auth tag request since
98e5b5 
+     * this is not compliant with RFC 3711 */
98e5b5 
     crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
98e5b5 
     break;
98e5b5 
   case srtp_profile_null_sha1_80:
98e5b5 
@@ -2093,6 +2090,8 @@ crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy,
98e5b5 
     crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
98e5b5 
     break;
98e5b5 
   case srtp_profile_aes256_cm_sha1_32:
98e5b5 
+    /* We do not honor the 32-bit auth tag request since
98e5b5 
+     * this is not compliant with RFC 3711 */
98e5b5 
     crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
98e5b5 
     break;
98e5b5 
     /* the following profiles are not (yet) supported */

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation