sync changes from srtp upstream

diff --git a/libs/srtp/README b/libs/srtp/README
index 8ea9f72d081d8579027c034aaa3a19e9b3892f29..97f382c42aa1ec9f6100d7a1f870215287ebbea1 100644 (file)
--- a/libs/srtp/README
+++ b/libs/srtp/README
@@ -29,7 +29,7 @@ The configure script accepts the following options:
    --enable-openssl    use OpenSSL crypto primitives
    --gdoi              use GDOI key management (disabled at present)
 
-By default, debbuging is enabled and stdout is used for debugging.
+By default, debugging is enabled and stdout is used for debugging.
 You can use the above configure options to have the debugging output
 sent to syslog or the system console.  Alternatively, you can define
 ERR_REPORTING_FILE in include/conf.h to be any other file that can be
@@ -87,15 +87,30 @@ or     rtpw -l
   which the dictionary will be sent, respectively.  
 
   options:
-       -a use message authentication
-       -e <key size> use encryption (use 128, 192, or 256 for key size)
-       -g Use AES-GCM mode (must be used with -e) 
-       -k <key>  sets the srtp master key
-       -s act as rtp sender
-       -r act as rtp receiver
-       -l list debug modules
-       -d <debug> turn on debugging for module <debug>
-       -i specify input/output file
+
+  -s           (s)rtp sender - causes app to send words
+
+  -r           (s)rtp receive - causes app to receive words
+
+  -k <key>      use srtp master key <key>, where the
+               key is a hexadecimal value (without the
+                leading "0x")
+
+  -e <keysize>  encrypt/decrypt (for data confidentiality)
+                (requires use of -k option as well)
+                (use 128, 192, or 256 for keysize)
+
+  -g            use AES-GCM mode (must be used with -e) 
+
+  -a            message authentication 
+                (requires use of -k option as well)
+
+  -l            list debug modules
+
+  -d <debug>    turn on debugging for module <debug>
+  -i            specify input/output file 
+                (instead of using dictionary file)
+
 
 In order to get random 30-byte values for use as key/salt pairs , you
 can use the following bash function to format the output of

diff --git a/libs/srtp/crypto/Makefile.in b/libs/srtp/crypto/Makefile.in
index c6248fcf63e16f3837636913b3b639b92ff614ba..c93d9b1672c27579ce76b064ab2b608b60fbdf2a 100644 (file)
--- a/libs/srtp/crypto/Makefile.in
+++ b/libs/srtp/crypto/Makefile.in
@@ -40,15 +40,14 @@ endif
 dummy : all runtest 
 
 # test applications 
-
 ifneq (1, $(USE_OPENSSL))
 AES_CALC = test/aes_calc$(EXE)
 endif
 
-testapp = #test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \
-         #test/stat_driver$(EXE) test/sha1_driver$(EXE) \
-         #test/kernel_driver$(EXE) $(AES_CALC) test/rand_gen$(EXE) \
-         #test/env$(EXE)
+testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \
+         test/stat_driver$(EXE) test/sha1_driver$(EXE) \
+         test/kernel_driver$(EXE) $(AES_CALC) test/rand_gen$(EXE) \
+         test/env$(EXE)
 
 # data values used to test the aes_calc application for AES-128
 k128=000102030405060708090a0b0c0d0e0f

diff --git a/libs/srtp/crypto/cipher/aes_icm.c b/libs/srtp/crypto/cipher/aes_icm.c
index 64eb51dee67e1f5a91c23ffbd8f7c892f07255b8..ef7545f2830cc8615a75b77fdae04e676225f2a7 100644 (file)
--- a/libs/srtp/crypto/cipher/aes_icm.c
+++ b/libs/srtp/crypto/cipher/aes_icm.c
@@ -395,7 +395,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
   for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) {
 
     /* fill buffer with new keystream */
-    aes_icm_advance_ismacryp(c, (uint8_t)forIsmacryp);
+    aes_icm_advance_ismacryp(c, forIsmacryp);
 
     /*
      * add keystream into the data buffer (this would be a lot faster
@@ -443,7 +443,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
   if ((bytes_to_encr & 0xf) != 0) {
     
     /* fill buffer with new keystream */
-    aes_icm_advance_ismacryp(c, (uint8_t)forIsmacryp);
+    aes_icm_advance_ismacryp(c, forIsmacryp);
     
     for (i=0; i < (bytes_to_encr & 0xf); i++)
       *buf++ ^= c->keystream_buffer.v8[i];
@@ -476,6 +476,10 @@ aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output) {
   return aes_icm_encrypt(c, buffer, &len);
 }
 
+uint16_t
+aes_icm_bytes_encrypted(aes_icm_ctx_t *c) {
+    return htons(c->counter.v16[7]);
+}
 
 char 
 aes_icm_description[] = "aes integer counter mode";

diff --git a/libs/srtp/crypto/cipher/null_cipher.c b/libs/srtp/crypto/cipher/null_cipher.c
index b12b1bfe8f2586600cec5a80933d29fcb90191a9..68d7aa70f532876a54d56d3d308f34138f748d1c 100644 (file)
--- a/libs/srtp/crypto/cipher/null_cipher.c
+++ b/libs/srtp/crypto/cipher/null_cipher.c
@@ -48,7 +48,6 @@
 #include "null_cipher.h"
 #include "alloc.h"
 
-
 /* the null_cipher uses the cipher debug module  */
 
 extern debug_module_t mod_cipher;

diff --git a/libs/srtp/crypto/hash/null_auth.c b/libs/srtp/crypto/hash/null_auth.c
index 5d810dd5b77e8f138c802bd23253e2ea417aedd8..103444bc5309819a37f65d314586d6e2797bf105 100644 (file)
--- a/libs/srtp/crypto/hash/null_auth.c
+++ b/libs/srtp/crypto/hash/null_auth.c
@@ -48,7 +48,6 @@
 #include "null_auth.h" 
 #include "alloc.h"
 
-
 /* null_auth uses the auth debug module */
 
 extern debug_module_t mod_auth;

diff --git a/libs/srtp/crypto/include/aes_icm.h b/libs/srtp/crypto/include/aes_icm.h
index bbcc6c3f5caaab11dcec686a935df438c52c643f..685a6d4c776b3f4c77f130e3478a0dace235e140 100644 (file)
--- a/libs/srtp/crypto/include/aes_icm.h
+++ b/libs/srtp/crypto/include/aes_icm.h
@@ -53,5 +53,8 @@ aes_icm_alloc_ismacryp(cipher_t **c,
                       int key_len, 
                       int forIsmacryp);
 
+uint16_t
+aes_icm_bytes_encrypted(aes_icm_ctx_t *c);
+
 #endif /* AES_ICM_H */
 

diff --git a/libs/srtp/crypto/replay/ut_sim.c b/libs/srtp/crypto/replay/ut_sim.c
index 837aad7a3c67f743645517ea5bd77145eafdd49a..43c411e46b3b9f048e802a7c74ef57af2ef67948 100644 (file)
--- a/libs/srtp/crypto/replay/ut_sim.c
+++ b/libs/srtp/crypto/replay/ut_sim.c
@@ -47,6 +47,7 @@
 
 #include "ut_sim.h"
 
+
 int
 ut_compar(const void *a, const void *b) {
   return rand() > (RAND_MAX/2) ? -1 : 1;

diff --git a/libs/srtp/crypto/rng/ctr_prng.c b/libs/srtp/crypto/rng/ctr_prng.c
index 285124d415699aa8f45ac2bd4613f10f6712f9b7..69a1f37ab5fa9811d956cc1af2c80f9249cd06f6 100644 (file)
--- a/libs/srtp/crypto/rng/ctr_prng.c
+++ b/libs/srtp/crypto/rng/ctr_prng.c
@@ -83,10 +83,8 @@ ctr_prng_get_octet_string(void *dest, uint32_t len) {
 
   /* 
    * if we need to re-initialize the prng, do so now 
-   *
-   * avoid 32-bit overflows by subtracting instead of adding
    */
-  if (ctr_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
+  if ((aes_icm_bytes_encrypted(&ctr_prng.state) + len) > 0xffff) {
     status = ctr_prng_init(ctr_prng.rand);    
     if (status)
       return status;

diff --git a/libs/srtp/crypto/test/aes_calc.c b/libs/srtp/crypto/test/aes_calc.c
index fe3c6ad07df3b4bb9f1a6f169c08dc8b21bcb011..d1e900876a076a73b6621ccb0832cadf5d2a3796 100644 (file)
--- a/libs/srtp/crypto/test/aes_calc.c
+++ b/libs/srtp/crypto/test/aes_calc.c
@@ -36,7 +36,7 @@ main (int argc, char *argv[]) {
   uint8_t key[AES_MAX_KEY_LEN];
   aes_expanded_key_t exp_key;
   int key_len, len;
-  int verbose;
+  int verbose = 0;
   err_status_t status;
 
   if (argc == 3) {

diff --git a/libs/srtp/crypto/test/rand_gen_soak.c b/libs/srtp/crypto/test/rand_gen_soak.c
new file mode 100644 (file)
index 0000000..81a6408
--- /dev/null
+++ b/libs/srtp/crypto/test/rand_gen_soak.c
@@ -0,0 +1,76 @@
+/*
+ * Soak test the RNG for exhaustion failures
+ */
+#include <stdio.h>           /* for printf() */
+#include <unistd.h>          /* for getopt() */
+#include "crypto_kernel.h"
+
+#define BUF_LEN (MAX_PRINT_STRING_LEN/2)
+
+int main(int argc, char *argv[])
+{
+    int q;
+    extern char *optarg;
+    int num_octets = 0;
+    err_status_t status;
+    uint32_t iterations = 0;
+    int print_values = 0;
+
+    if (argc == 1) {
+        exit(255);
+    }
+
+    status = crypto_kernel_init();
+    if (status) {
+        printf("error: crypto_kernel init failed\n");
+        exit(1);
+    }
+
+    while (1) {
+        q = getopt(argc, argv, "pvn:");
+        if (q == -1) {
+            break;
+        }
+        switch (q) {
+        case 'p':
+            print_values = 1;
+            break;
+        case 'n':
+            num_octets = atoi(optarg);
+            if (num_octets < 0 || num_octets > BUF_LEN) {
+                exit(255);
+            }
+            break;
+        case 'v':
+            num_octets = 30;
+            print_values = 0;
+            break;
+        default:
+            exit(255);
+        }
+    }
+
+    if (num_octets > 0) {
+        while (iterations < 300000) {
+            uint8_t buffer[BUF_LEN];
+
+            status = crypto_get_random(buffer, num_octets);
+            if (status) {
+                printf("iteration %d error: failure in random source\n", iterations);
+                exit(255);
+            } else if (print_values) {
+                printf("%s\n", octet_string_hex_string(buffer, num_octets));
+            }
+            iterations++;
+        }
+    }
+
+    status = crypto_kernel_shutdown();
+    if (status) {
+        printf("error: crypto_kernel shutdown failed\n");
+        exit(1);
+    }
+
+    return 0;
+}
+

diff --git a/libs/srtp/doc/libsrtp.pdf b/libs/srtp/doc/libsrtp.pdf
index 578f0c643c5ffab2afb42f8276c02d57cdda6bc8..a0a11b7bdc4e3a05397e200890a800599d012c5f 100644 (file)
Binary files a/libs/srtp/doc/libsrtp.pdf and b/libs/srtp/doc/libsrtp.pdf differ

diff --git a/libs/srtp/srtp/ekt.c b/libs/srtp/srtp/ekt.c
index 1079809d8ff99964d0dc1375b72ef2539a42ce31..f7786c597f93e6bf569345405537d28060f35b70 100644 (file)
--- a/libs/srtp/srtp/ekt.c
+++ b/libs/srtp/srtp/ekt.c
@@ -47,7 +47,6 @@
 #include "srtp_priv.h"
 #include "ekt.h"
 
-
 extern debug_module_t mod_srtp;
 
 /*

diff --git a/libs/srtp/srtp/srtp.c b/libs/srtp/srtp/srtp.c
index 1f7ac1246a0a459a8bb43718e75a597808826d22..e7f0b2394c4ec15a772a8cbcdb763d45a4d143b6 100644 (file)
--- a/libs/srtp/srtp/srtp.c
+++ b/libs/srtp/srtp/srtp.c
@@ -376,7 +376,7 @@ srtp_kdf_init(srtp_kdf_t *kdf, cipher_type_id_t cipher_id, const uint8_t *key, i
 
 err_status_t
 srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label,
-                 uint8_t *key, unsigned length) {
+                 uint8_t *key, unsigned int length) {
 
   v128_t nonce;
   err_status_t status;
@@ -841,11 +841,11 @@ static void srtp_calc_aead_iv(srtp_stream_ctx_t *stream, v128_t *iv,
  */
 static err_status_t
 srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, 
-                  void *rtp_hdr, int *pkt_octet_len)
+                  void *rtp_hdr, unsigned int *pkt_octet_len)
 {
     srtp_hdr_t *hdr = (srtp_hdr_t*)rtp_hdr;
     uint32_t *enc_start;        /* pointer to start of encrypted portion  */
-    unsigned enc_octet_len = 0; /* number of octets in encrypted portion  */
+    unsigned int enc_octet_len = 0; /* number of octets in encrypted portion  */
     xtd_seq_num_t est;          /* estimated xtd_seq_num_t of *hdr        */
     int delta;                  /* delta of local pkt idx and that in hdr */
     err_status_t status;
@@ -886,10 +886,10 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream,
          srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;
          enc_start += (ntohs(xtn_hdr->length) + 1);
      }
-     if (!(enc_start < (uint32_t*)hdr + *pkt_octet_len))
+     if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
          return err_status_parse_err;
      enc_octet_len = (unsigned int)(*pkt_octet_len -
-                     ((enc_start - (uint32_t*)hdr) << 2));
+                                    ((uint8_t*)enc_start - (uint8_t*)hdr));
 
     /*
      * estimate the packet index using the start of the replay window
@@ -972,11 +972,11 @@ srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream,
  */
 static err_status_t
 srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, 
-                    xtd_seq_num_t est, void *srtp_hdr, int *pkt_octet_len)
+                    xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_len)
 {
     srtp_hdr_t *hdr = (srtp_hdr_t*)srtp_hdr;
     uint32_t *enc_start;        /* pointer to start of encrypted portion  */
-    unsigned enc_octet_len = 0; /* number of octets in encrypted portion */
+    unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
     v128_t iv;
     err_status_t status;
     int tag_len;
@@ -1013,13 +1013,13 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
         srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;
         enc_start += (ntohs(xtn_hdr->length) + 1);
     }
-    if (!(enc_start < (uint32_t*)hdr + *pkt_octet_len))
+    if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
         return err_status_parse_err;
     /*
      * We pass the tag down to the cipher when doing GCM mode 
      */
-    enc_octet_len = (unsigned int) *pkt_octet_len - 
-                    ((enc_start - (uint32_t *)hdr) << 2);
+    enc_octet_len = (unsigned int)(*pkt_octet_len - 
+                                   ((uint8_t*)enc_start - (uint8_t*)hdr));
 
     /*
      * Sanity check the encrypted payload length against
@@ -1131,7 +1131,7 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
    srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr;
    uint32_t *enc_start;        /* pointer to start of encrypted portion  */
    uint32_t *auth_start;       /* pointer to start of auth. portion      */
-   unsigned enc_octet_len = 0; /* number of octets in encrypted portion  */
+   unsigned int enc_octet_len = 0; /* number of octets in encrypted portion  */
    xtd_seq_num_t est;          /* estimated xtd_seq_num_t of *hdr        */
    int delta;                  /* delta of local pkt idx and that in hdr */
    uint8_t *auth_tag = NULL;   /* location of auth_tag within packet     */
@@ -1201,7 +1201,7 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
     */
   if (stream->rtp_cipher->algorithm == AES_128_GCM ||
       stream->rtp_cipher->algorithm == AES_256_GCM) {
-      return srtp_protect_aead(ctx, stream, rtp_hdr, pkt_octet_len);
+      return srtp_protect_aead(ctx, stream, rtp_hdr, (unsigned int*)pkt_octet_len);
   }
 
   /* 
@@ -1238,11 +1238,11 @@ srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
      if (hdr->x == 1) {
        srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
        enc_start += (ntohs(xtn_hdr->length) + 1);
-       if (!(enc_start < (uint32_t*)hdr + *pkt_octet_len))
+       if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
          return err_status_parse_err;
      }
-     enc_octet_len = (unsigned int)(*pkt_octet_len 
-                                   - ((enc_start - (uint32_t *)hdr) << 2));
+     enc_octet_len = (unsigned int)(*pkt_octet_len -
+                                    ((uint8_t*)enc_start - (uint8_t*)hdr));
    } else {
      enc_start = NULL;
    }
@@ -1386,7 +1386,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
   srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr;
   uint32_t *enc_start;      /* pointer to start of encrypted portion  */
   uint32_t *auth_start;     /* pointer to start of auth. portion      */
-  unsigned enc_octet_len = 0;/* number of octets in encrypted portion */
+  unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */
   uint8_t *auth_tag = NULL; /* location of auth_tag within packet     */
   xtd_seq_num_t est;        /* estimated xtd_seq_num_t of *hdr        */
   int delta;                /* delta of local pkt idx and that in hdr */
@@ -1460,7 +1460,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
    */
   if (stream->rtp_cipher->algorithm == AES_128_GCM ||
       stream->rtp_cipher->algorithm == AES_256_GCM) {
-      return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, pkt_octet_len);
+      return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, (unsigned int*)pkt_octet_len);
   }
 
   /* get tag length from stream */
@@ -1521,10 +1521,10 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
       srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
       enc_start += (ntohs(xtn_hdr->length) + 1);
     }  
-    if (!(enc_start < (uint32_t*)hdr + *pkt_octet_len))
+    if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
       return err_status_parse_err;
-    enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len 
-                              - ((enc_start - (uint32_t *)hdr) << 2));
+    enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len -
+                               ((uint8_t*)enc_start - (uint8_t*)hdr));
   } else {
     enc_start = NULL;
   }
@@ -2210,12 +2210,12 @@ static void srtp_calc_aead_iv_srtcp(srtp_stream_ctx_t *stream, v128_t *iv,
  */
 static err_status_t
 srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, 
-                        void *rtcp_hdr, int *pkt_octet_len)
+                        void *rtcp_hdr, unsigned int *pkt_octet_len)
 {
     srtcp_hdr_t *hdr = (srtcp_hdr_t*)rtcp_hdr;
     uint32_t *enc_start;        /* pointer to start of encrypted portion  */
     uint32_t *trailer;          /* pointer to start of trailer            */
-    unsigned enc_octet_len = 0; /* number of octets in encrypted portion */
+    unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
     uint8_t *auth_tag = NULL;   /* location of auth_tag within packet     */
     err_status_t status;
     int tag_len;
@@ -2333,7 +2333,7 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,
         * Even though we're not encrypting the payload, we need
         * to run the cipher to get the auth tag.
         */
-       unsigned nolen = 0;
+       unsigned int nolen = 0;
         status = cipher_encrypt(stream->rtcp_cipher, NULL, &nolen);
         if (status) {
             return err_status_cipher_fail;
@@ -2363,12 +2363,12 @@ srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,
  */
 static err_status_t
 srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, 
-                          void *srtcp_hdr, int *pkt_octet_len)
+                          void *srtcp_hdr, unsigned int *pkt_octet_len)
 {
     srtcp_hdr_t *hdr = (srtcp_hdr_t*)srtcp_hdr;
     uint32_t *enc_start;        /* pointer to start of encrypted portion  */
     uint32_t *trailer;          /* pointer to start of trailer            */
-    unsigned enc_octet_len = 0; /* number of octets in encrypted portion */
+    unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
     uint8_t *auth_tag = NULL;   /* location of auth_tag within packet     */
     err_status_t status;
     int tag_len;
@@ -2543,7 +2543,7 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) {
   uint32_t *enc_start;      /* pointer to start of encrypted portion  */
   uint32_t *auth_start;     /* pointer to start of auth. portion      */
   uint32_t *trailer;        /* pointer to start of trailer            */
-  unsigned enc_octet_len = 0;/* number of octets in encrypted portion */
+  unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */
   uint8_t *auth_tag = NULL; /* location of auth_tag within packet     */
   err_status_t status;   
   int tag_len;
@@ -2607,7 +2607,7 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) {
    */
   if (stream->rtp_cipher->algorithm == AES_128_GCM ||
       stream->rtp_cipher->algorithm == AES_256_GCM) {
-      return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, pkt_octet_len);
+      return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, (unsigned int*)pkt_octet_len);
   }
 
   /* get tag length from stream context */
@@ -2740,12 +2740,12 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
   uint32_t *enc_start;      /* pointer to start of encrypted portion  */
   uint32_t *auth_start;     /* pointer to start of auth. portion      */
   uint32_t *trailer;        /* pointer to start of trailer            */
-  unsigned enc_octet_len = 0;/* number of octets in encrypted portion */
+  unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */
   uint8_t *auth_tag = NULL; /* location of auth_tag within packet     */
   uint8_t tmp_tag[SRTP_MAX_TAG_LEN];
   uint8_t tag_copy[SRTP_MAX_TAG_LEN];
   err_status_t status;   
-  unsigned auth_len;
+  unsigned int auth_len;
   int tag_len;
   srtp_stream_ctx_t *stream;
   int prefix_len;
@@ -2754,6 +2754,13 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
   int sec_serv_confidentiality; /* whether confidentiality was requested */
 
   /* we assume the hdr is 32-bit aligned to start */
+
+  /* check that the length value is sane; we'll check again once we
+     know the tag length, but we at least want to know that it is
+     a positive value */
+  if (*pkt_octet_len < octets_in_rtcp_header + sizeof(srtcp_trailer_t))
+    return err_status_bad_param;
+
   /*
    * look up ssrc in srtp_stream list, and process the packet with 
    * the appropriate stream.  if we haven't seen this stream before,
@@ -2796,9 +2803,9 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
   /* check the packet length - it must contain at least a full RTCP
      header, an auth tag (if applicable), and the SRTCP encrypted flag
      and 31-bit index value */
-  if (*pkt_octet_len < (octets_in_rtcp_header + tag_len +
-                        sizeof(srtcp_trailer_t)))
+  if (*pkt_octet_len < (octets_in_rtcp_header + tag_len + sizeof(srtcp_trailer_t))) {
     return err_status_bad_param;
+  }
 
   /*
    * Check if this is an AEAD stream (GCM mode).  If so, then dispatch
@@ -2806,7 +2813,7 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
    */
   if (stream->rtp_cipher->algorithm == AES_128_GCM ||
       stream->rtp_cipher->algorithm == AES_256_GCM) {
-      return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, pkt_octet_len);
+      return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, (unsigned int*)pkt_octet_len);
   }
 
   sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf ||

diff --git a/libs/srtp/test/rtpw_test_gcm.sh b/libs/srtp/test/rtpw_test_gcm.sh
old mode 100644 (file)
new mode 100755 (executable)