127 Commits

Author SHA1 Message Date
Chris Rienzo 7bfc9a514f [build] remove generated libs/srtp/config_in.h file and add some git ignores 2021-10-23 22:00:56 +03:00
Andrey Volk d1220d1818 [libsrtp] Fix build on MAC OS 2021-09-30 17:13:21 +03:00
Andrey Volk bddff9a2f1 [Build-System] Update libsrtp to 2.4.0 2021-08-28 23:54:38 +03:00
Andrey Volk 0275ea1eb4 [Build-System] Use $(DefaultPlatformToolset) so it's easier to build using newer Microsoft Visual Studio versions. 2020-05-25 14:18:25 +04:00
Andrey Volk 148e02bc67 [srtp] scan-build: Fix dead assignments. 2020-02-19 21:14:02 +04:00
Andrey Volk 9b05fabd53 FS-11966: [core] Fix regression after libsrtp upgrade to 2.2.0 resulting in no audio 2019-07-29 14:57:51 +04:00
Chris Rienzo bd96911f4f FS-11816 [Build-System] srtp build issue 2019-07-17 22:08:51 +04:00
Andrey Volk f82321ee0c FS-11816: [Build-System] Update libsrtp to 2.2.0 2019-07-17 22:05:39 +04:00
Andrey Volk 671da28796 FS-11263: [Build-System] Move FreeSWITCH build system to Visual Studio 2017 on Windows. 2018-07-24 07:21:55 +00:00
Brian West b5daae72da FS-10945: [Build-System] build fails for Master #resolve 2018-07-24 07:21:47 +00:00
Andrey Volk ea8c3be8ec FS-10541: [Build-System] Move OpenSSL to props with BaseDir on windows. 2017-10-07 22:50:48 +03:00
Mike Jerris 3bcf5b7ff8 FS-9785: upgrade libsrtp to 2.1 2017-06-26 14:14:36 -05:00
Spencer Thomason c08809e290 FS-8783: [libsrtp] Fix alignment issue
Backport upstream alignment fix to correct bus error on platforms
that require strict memory alignment such as SPARC

FS-8783 #resolve

From upstream:
commit 4d8430a504137509f23b5a19f8a06b6df0f651cc
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Fri Nov 7 00:13:10 2014 +0100

While setting the IV for AES ICM the nonce is simply typecast from
a void * to a v128_t *. This breaches alignment requirements for
v128_t objects on platforms that require it.
Instead make a copy of the nonce to assure proper alignment.
2016-07-22 07:37:21 -07:00
Mike Jerris 2e3e09cb38 FS-7966: fix more msvc 2015 build warnings. 2015-08-31 13:26:36 -04:00
Michael Jerris 164c6111a1 FS-7966: remove some older versions of msvc build system as these will no longer work soon, please use 2015 instead 2015-08-31 10:19:10 -05:00
Michael Giagnocavo 5e456fe9a6 FS-7966. First pass at moving to Visual Studio 2015.
The new C compiler breaks a lot of things. snprintf and timespec now exist, and redefining causes an error.
Many more things are warnings, so warnings-as-errors will fail - remove it from some projects for now.
V8: don't pass VS version to build batch file.
mod_sofia: Config has too-long if/elseif chain. Break this up to avoid "parser stack overflow; program too complex".
Add mod_conference.h to project and dir to includes.
2015-08-21 18:28:32 -04:00
Michael Giagnocavo f116387443 FS-7644. Change 2013.vcxproj references to 2013 2015-06-18 04:17:53 -06:00
Jeff Lenk 345e50d25a FS-7644 2015-06-11 15:29:28 -05:00
Michael Jerris 2cc0348422 FS-7635: remove msvc 2005 2008 and 2010 non working build systems. There are now multiple more recent (3 different ones) and some free versions of the compiler that can be used. 2015-06-10 16:33:14 -04:00
Anthony Minessale 7cf5a84634 FS-7122 reversion 2015-02-16 16:06:43 -06:00
Anthony Minessale 90ab1d16f5 fix cent5 build 2015-01-21 02:01:54 -06:00
William King 51f2442a9e resolve an automake warning about subdirs on latest automake
Latest automake will detect then warn if the Makefile uses source
files that are in subdirectories, but the subdirs option is not
set. In the FreeSWITCH build system the current expected behavior is
to expect the subdirs option to be enabled.

FS-7122 #resolve
2015-01-07 10:04:29 -08:00
Jeff Lenk b3d71917d2 FS-6870 #comment vs2010 and vs2012 would rather fix it this way 2014-10-01 17:53:51 -05:00
Jeff Lenk 661269a46f Revert "FS-6870 #vs2012 and vs2010 make download of openssl dependent"
This reverts commit a39db86863.
2014-10-01 17:49:21 -05:00
Jeff Lenk a39db86863 FS-6870 #vs2012 and vs2010 make download of openssl dependent 2014-09-30 21:30:48 -05:00
Peter Wu 98502947c8 libsrtp: do not include unnecessary sources
These two files should only be built when OpenSSL is not enabled. See
the configure script of the original sources and Makefile from upstream.
(RNG_EXTRA_OBJS)

Fixes a -Wimplicit-function-declaration warning.
2014-08-13 18:52:18 +00:00
Peter Olsson 17d6c5b850 FS-6578 #comment fixed #resolve 2014-07-19 18:06:01 +02:00
Michael Jerris a99f06dfc6 sync changes from srtp upstream 2014-07-08 10:26:08 -04:00
jfigus 024162cfc9 Add support for 16-byte auth tag for AES GCM mode. 2014-06-30 19:18:20 +00:00
jfigus b9da5149e2 Set the algorithm member on cipher_t when allocating AES crypto instance. Apply same fix to NULL cipher. 2014-06-30 19:18:20 +00:00
Travis Cross aa4261d11f Avoid buffer-overflow on short RTCP/SRTCP packets
In `srtp_unprotect_rtcp()` we are not validating that the packet
length is as long as the minimum required.  This would cause
`enc_octet_len` to underflow, which would cause us to try to decrypt
data past the end of the packet in memory -- a buffer over-read and
buffer overflow.

In `srtp_protect_rtcp()`, we were similarly not validating the packet
length.  Here we were also polluting the address of the SRTCP
encrypted flag and index (the `trailer`), causing us to write one word
to a bogus memory address before getting to the encryption where we
would also overflow.

In this commit we add checks to appropriately validate the RTCP/SRTCP
packet lengths.

`srtp_unprotect_rtcp_aead()` (but not protect) did correctly validate
the packet length; this check would now be redundant as the check in
`srtcp_unprotect_rtcp()` will also run first, so it has been removed.
2014-06-30 19:00:35 +00:00
Travis Cross 9ea93c4c50 Avoid buffer over-read on null cipher AEAD
In the defined AEAD modes, SRTP packets must always be encrypted and
authenticated, but SRTCP packets may be only authenticated.  It's
possible, therefore, for us to end up in `srtp_protect_aead()` without
the `sec_serv_conf` bit being set.  We should just ignore this and
encrypt the RTP packet anyway.

What we are doing instead is encrypting the packet anyway, but setting
`enc_start` to NULL first.  This causes `aad_len` to underflow which
will cause us to over-read in `cipher_set_aad()`.

If we could get past that, we would try to read and write memory
starting at 0x0 down in `cipher_encrypt()`.

This commit causes us to not check the `sec_serv_conf` bit and never
set `enc_start` to NULL in `srtp_protect_aead()`.

`srtp_unprotect_aead()` does not contain a similar error.
2014-06-30 19:00:35 +00:00
Travis Cross 3bf2b9af75 Prevent buffer overflow from untrusted RTP/SRTP lengths
When computing the start address of the RTP data to encrypt or SRTP
data to decrypt (`enc_start`), we are using `hdr->cc` (the CSRC
count), which is untrusted data from the packet, and the length field
of an RTP header extension, which is also untrusted and unchecked data
from the packet.

This value then pollutes our calculation of how much data we'll be
encrypting or decrypting (`enc_octet_len`), possibly causing us to
underflow.

We'll then call `cipher_encrypt()` or `cipher_decrypt()` with these
two values, causing us to read from and write to arbitrary addresses
in memory.

(In the AEAD functions, we'd also pollute `aad_len`, which would cause
us to read undefined memory in `cipher_set_aad`.)

This commit adds checks to verify that the `enc_start` we calculate is
sane based on the actual packet length.
2014-06-30 19:00:35 +00:00
Travis Cross d2aaf15992 Fix misspelling in comment 2014-06-30 19:00:34 +00:00
Peter Olsson 295964f0ec FS-6457 --resolve
Upgrade to OpenSSL 1.0.1g in Windows build (Visual Studio 2010 and 2012)
2014-04-13 10:01:17 +02:00
Anthony Minessale 53c77f8434 force srtp rebuild 2014-04-09 03:14:52 +05:00
Dmitry Sobinov 80e203442a - fixed read of memory out of 'seq' variable bounds
- fixed AEAD IV calculation for big-endian machines
2014-04-08 16:13:52 +00:00
jfigus a31491d5b6 This commit resolves issue #46. The GCM mode was using the wrong master SALT length. The master SALT should be 96 bits instead of 112 bits. Note, GCM mode uses the legacy CTR mode for the KDF. The legacy CTR mode cipher implementations assume a 112 bit SALT. Changes to the cipher abstraction layer API are required to provide the ability to specify the SALT length. For now this commit modifies the SRTP layer to ensure the SALT is zero-appended before initializing the KDF. This commit also provides public definitions for the GCM cipher suite master key sizes to avoid confusion for application developers. 2014-04-08 15:25:39 +00:00
Michael Jerris 4216e3e056 remove DYNAMIC_LIB_EXTEN because we use libtool to figure this all out now 2014-03-14 18:04:07 -04:00
Michael Jerris 2513388d8a clean up some bootstrap warnings 2014-03-07 18:36:26 -05:00
Travis Cross 38fe0a99d3 Prevent sha1_init et al from being undefined
sha1_init, sha1_update, and sha1_final were ending up as undefined
symbols in libfreeswitch.so because of the inline declaration, which
caused us to blow up while linking the freeswitch executable.  Declare
these as static inline instead.
2014-02-28 18:33:32 +00:00
Travis Cross c011f9daff Remove binary executables in libs/srtp
These files were introduced in commit 72e2d183c1.
2014-02-28 18:33:32 +00:00
Seven Du 4fd93b0e67 Revert "fix compiler warning vs2010" - Jeff is faster than I
This reverts commit fa9217117a.
2014-02-25 14:24:34 +08:00
Seven Du fa9217117a fix compiler warning vs2010 2014-02-25 14:17:28 +08:00
Jeff Lenk 4a1f8785e4 mask warnings libsrtp windows 32bit 2014-02-24 22:42:16 -06:00
Jeff Lenk 99ab915f24 windows update libsrtp to use openssl 2014-02-24 20:13:12 -06:00
Michael Jerris 6e97a9f55b FS-6017: --resolve no reason to have extra check for cross compile 2014-02-24 17:43:21 -05:00
Michael Jerris e9a0a0edc9 fix asm issue on sun 2014-02-24 15:28:03 -05:00
Michael Jerris bab923923a missed file 2014-02-24 10:32:34 -05:00
Michael Jerris 80c7eb85e6 update libsrtp to use openssl 2014-02-24 09:52:25 -05:00
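
The length validation described in commits 3bf2b9af75 (untrusted CSRC count and header-extension length) and aa4261d11f (short RTCP/SRTCP packets) above, as an added C example that is not libsrtp's or FreeSWITCH's code. The function names, the 10-byte tag length and the sample packets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RTP_FIXED_HDR 12u /* fixed RTP header (RFC 3550) */
#define RTCP_HDR       8u /* RTCP header + sender SSRC, never encrypted */
#define SRTCP_TRAILER  4u /* E flag + SRTCP index (RFC 3711) */

/* Hypothetical helper, not libsrtp's API. Returns the number of encrypted
 * octets and stores their offset in *off, or -1 if the untrusted header
 * fields point past the data that precedes the auth tag. */
long srtp_enc_bounds(const uint8_t *pkt, size_t pkt_len, size_t tag_len, size_t *off)
{
    if (pkt_len < RTP_FIXED_HDR + tag_len) return -1;
    size_t end = pkt_len - tag_len;                       /* auth tag starts here */
    size_t start = RTP_FIXED_HDR + 4u * (pkt[0] & 0x0Fu); /* CSRC count from the wire */
    if (start > end) return -1;
    if (pkt[0] & 0x10u) {                                 /* X bit: header extension */
        if (end - start < 4u) return -1;                  /* room for the ext header? */
        size_t ext = 4u + 4u * (((size_t)pkt[start + 2] << 8) | pkt[start + 3]);
        if (ext > end - start) return -1;
        start += ext;
    }
    if (off) *off = start;
    return (long)(end - start);
}

/* Same idea for SRTCP: reject packets shorter than header + trailer + tag
 * before subtracting, so the length can never wrap around. */
long srtcp_enc_len(size_t pkt_len, size_t tag_len)
{
    size_t min = RTCP_HDR + SRTCP_TRAILER + tag_len;
    return pkt_len < min ? -1 : (long)(pkt_len - min);
}

/* Constructed 30-byte samples: 12-byte header, 8 data bytes, 10-byte tag. */
static const uint8_t PKT_OK[30]      = { 0x80 };  /* cc = 0, no extension */
static const uint8_t PKT_BAD_CC[30]  = { 0x8F };  /* claims 15 CSRCs (60 bytes) */
static const uint8_t PKT_BAD_EXT[30] = { [0] = 0x90, [12] = 0xBE, [13] = 0xDE,
                                         [14] = 0xFF, [15] = 0xFF }; /* 65535 words */

int main(void)
{
    printf("ok=%ld bad_cc=%ld bad_ext=%ld short_rtcp=%ld\n",
           srtp_enc_bounds(PKT_OK, 30, 10, NULL),
           srtp_enc_bounds(PKT_BAD_CC, 30, 10, NULL),
           srtp_enc_bounds(PKT_BAD_EXT, 30, 10, NULL),
           srtcp_enc_len(12, 10));
    return 0;
}
```

Without the comparisons against `end` and `min`, each subtraction would be done on an unsigned `size_t` and wrap to a huge length, which is the underflow of `enc_octet_len` that the commit messages describe.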