forked from cisco/libsrtp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGES
223 lines (149 loc) · 7.87 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
Changelog
1.3.20
Lots of changes. Thanks to Jeff Chan for catching a memory leak and
helping track down the endian issues with the SSRCs.
1.3.8
This is an interim release. Several little-endian bugs were identified
and fixed; this means that we can use intel/linux for development again.
Cleaned up sha1 and hmac code significantly, got rid of some excess
functions and properly documented the fuctions in the .h files.
Eliminated some vestigial files.
There is a SIGBUS error in the AES encrypt function on sparc
(observed on both solaris and openbsd) with gcc 2.95. Was unable to
find bad pointer anywhere, so I'm wondering if it isn't a compiler
problem (there's a known problem whose profile it fits). It doesn't
appear on any other platform, even in the cipher_driver stress
tests.
Planned changes
Change interface to nonces (xtd_seq_num_t) so that it uses
network byte ordering, and is consistent with other arguments.
1.3.6
Changed /dev/random (in configure.in and crypto/rng/rand_source.c) to
/dev/urandom; the latter is non-blocking on all known platforms (which
corrects some programs that seem to hang) and is actually present on
Open BSD (unlike /dev/random, which only works in the presence of
hardware supported random number generation).
Added machine/types.h case in include/integers.h.
1.3.5
Removing srtp_t::template and stream_clone().
Adding a new policy structure, which will reflect a complete SRTP
policy (including SRTCP).
This version is *incomplete* and will undergo more changes. It is
provided only as a basis for discussion.
1.3.4
Removed tmmh.c and tmmh.h, which implemented version one of TMMH.
Changed srtp_get_trailer_length() to act on streams rather than
sessions, and documented the macro SRTP_MAX_TRAILER_LEN, which should
usually be used rather than that function.
Removed 'salt' from cipher input.
Changed rdbx to use err.h error codes.
Changed malloc() and free() to xalloc() and xfree; these functions
are defined in crypto/kernel/alloc.c and declared in
include/alloc.h.
Added 'output' functions to cipher, in addition to 'encrypt'
functions. It is no longer necessary to zeroize a buffer before
encrypting in order to get keystream.
Changed octet_string_hex_string() so that "times two" isn't needed
in its input.
Added crypto_kernel_init() prior to command-line parsing, so that
kernel can be passed command-line arguments, such as "-d
debug_module". This was done to for the applications
test/srtp-driver, test/kernel-driver, and test/ust-driver.
Improved srtp_init_aes_128_prf - wrote key derivation function
(srtp_kdf_t).
Add the tag_len as an argument to the auth_compute() function, but
not the corresponding macro. This change allows the tag length for
a given auth func to be set to different values at initialization
time. Previously, the structure auth_t contained the
output_length, but that value was inaccessible from hmac_compute()
and other functions.
Re-named files from a-b.c to a_b.c. in order to help portability.
Re-named rijndael to aes (or aes_128 as appropriate).
1.2.1
Changes so that 1.2.0 compiles on cygwin-win2k.
Added better error reporting system. If syslog is present on the
OS, then it is used.
1.2.0 Many improvements and additions, and a fex fixes
Fixed endian issues in RTP header construction in the function
rtp_sendto() in srtp/rtp.c.
Implemented RIJNDAEL decryption operation, adding the functions
rijndael_decrypt() and rijndael_expand_decryption_key(). Also
re-named rijndael_expand_key() to rijndael_expand_encryption_key()
for consistency.
Implemented random number source using /dev/random, in the files
crypto/rng/rand_source.c and include/rand_source.h.
Added index check to SEAL cipher (only values less than 2^32 are
allowed)
Added test case for null_auth authentication function.
Added a timing test which tests the effect of CPU cache thrash on
cipher throughput. The test is done by the function
cipher_test_throughput_array(); the function
cipher_array_alloc_init() creates an array of ciphers for use in
this test. This test can be accessed by using the -a flag to
the application cipher-driver in the test subdirectory.
Added argument processing to ust-driver.c, and added that app to
the 'runtest' target in Makefile.in.
A minor auth_t API change: last argument of auth_init() eliminated.
1.0.6 A small but important fix
Fixed srtp_init_aes_128_prf() by adding octet_string_set_to_zero()
after buffer allocation.
Eliminated references to no-longer-existing variables in debugging
code in srtp/srtp.c. This fixes the compilation failure that
occured when using PRINT_DEBUG in that file.
Corrected spelling of Richard Priestley's name in credits. Sorry
Richard!
1.0.5 Many little fixes
Fixed octet_string_set_to_zero(), which was writing one
more zero octet than it should. This bug caused srtp_protect()
and srtp_unprotect() to overwrite the byte that followed the
srtp packet.
Changed sizeof(uint32_t) to srtp_get_trailer_length() in
srtp-driver.c. This is just defensive coding.
Added NULL check to malloc in srtp_alloc().
1.0.4 Many minor fixes and two big ones (thanks for the bug reports!)
Removed 'ssrc' from the srtp_init_aes_128_prf() function argument
list. This is so that applications which do not a priori know the
ssrc which they will be receiving can still use libsrtp. Now the
SSRC value is gleaned from the rtp header and exored into the
counter mode offset in the srtp_protect() and srtp_unprotect()
functions, if that cipher is used. This change cascaed through
many other functions, including srtp_init_from_hex(),
srtp_sender_init() and srtp_receiver_init() in rtp.c, and also
changing the CLI to test/rtpw. In the future, another function
call will be added to the library that enables multiple ssrc/key
pairs to be installed into the same srtp session, so that libsrtp
works with multiple srtp senders. For now, this functionality is
lacking.
Removed the GDOI interface to the rtpw demo program. This will be
added again at a later date, after the SRTP and GDOI distributions
stabilize. For now, I've left in the GDOI #defines and autoconf
definitions so that they'll be in place when needed.
Updated tmmhv2_compute() so that it didn't assume any particular
alginment of the output tag.
Changed bit field variables in srtp.h to unsigned char from
unsigned int in order to avoid a potential endianness issue.
Fixed rdbx_estimate_index() to handle all input cases. This solves
the now notorious "abaft" bug in the rtpw demo app on linux/intel,
in which spurious replay protection failures happen after that word
is received.
Added ntohs(hdr->seq) to srtp_protect and srtp_unprotect, removed
from rijndael_icm_set_segment().
Added error checking and handling to srtp_sender_init() and
srtp_receiver_init().
Changed srtp_alloc() so that it does what you'd expect: allocate an
srtp_ctx_t structure. This hides the library internals.
1.0.1 Many minor fixes
Added cipher_driver_buffer_test(...) to test/cipher-driver.c. This
function checks that the byte-buffering functions used by a cipher
are correct.
Fixed SunOS/Solaris build problems: added HAVE_SYS_INT_TYPES_H and
changed index_t to xtd_seq_num_t (see include/rdbx.h).
Fixed SEAL3.0 output byte buffering, added byte-buffering test to
cipher/cipher-driver.c.
Fixed roc-driver so that the non-sequential insertion test
automatically recovers from bad estimates. This was required to
prevent spurious failures.
Made rdbx_estimate_index(...) function smarter, so that initial RTP
sequence numbers greater than 32,768 don't cause it to estimate the
rollover counter of 0xffffffff.
1.0.0 Initial release