* [gentoo-commits] repo/gentoo:master commit in: net-libs/libsrtp/files/, net-libs/libsrtp/
@ 2018-12-22 19:34 Craig Andrews
0 siblings, 0 replies; 3+ messages in thread
From: Craig Andrews @ 2018-12-22 19:34 UTC (permalink / raw
To: gentoo-commits
commit: 18291de3d601dfa31b3cf7b34bc3e58f03cd4dd2
Author: Craig Andrews <candrews <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 13 14:21:13 2018 +0000
Commit: Craig Andrews <candrews <AT> gentoo <DOT> org>
CommitDate: Sat Dec 22 19:33:42 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18291de3
net-libs/libsrtp: 1.6.0-r1 OpenSSL 1.1 compatibility
Uses the patches from FreeBSD, see
https://svnweb.freebsd.org/ports?view=revision&revision=472170
Also EAPI=7
Closes: https://bugs.gentoo.org/666160
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Craig Andrews <candrews <AT> gentoo.org>
.../libsrtp/files/libsrtp-1.6.0-openssl-1.1.patch | 361 +++++++++++++++++++++
.../files/libsrtp-1.6.0-openssl-aem_gcm-key.patch | 83 +++++
.../files/libsrtp-1.6.0-openssl-aem_icm-key.patch | 113 +++++++
.../libsrtp/files/libsrtp-1.6.0-openssl-hmac.patch | 254 +++++++++++++++
net-libs/libsrtp/libsrtp-1.6.0-r1.ebuild | 90 +++++
5 files changed, 901 insertions(+)
diff --git a/net-libs/libsrtp/files/libsrtp-1.6.0-openssl-1.1.patch b/net-libs/libsrtp/files/libsrtp-1.6.0-openssl-1.1.patch
new file mode 100644
index 00000000000..5d17cb426e8
--- /dev/null
+++ b/net-libs/libsrtp/files/libsrtp-1.6.0-openssl-1.1.patch
@@ -0,0 +1,361 @@
+Backport of https://github.com/cisco/libsrtp/commit/0b45423678ddc46d702f3a51614f20bfbd112ddd
+
+--- a/crypto/cipher/aes_gcm_ossl.c 2018-06-11 07:46:09 UTC
++++ b/crypto/cipher/aes_gcm_ossl.c
+@@ -117,6 +117,14 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int
+ }
+ memset(gcm, 0x0, sizeof(aes_gcm_ctx_t));
+
++ gcm->ctx = EVP_CIPHER_CTX_new();
++ if (gcm->ctx == NULL) {
++ crypto_free(gcm);
++ crypto_free(*c);
++ *c = NULL;
++ return err_status_alloc_fail;
++ }
++
+ /* set pointers */
+ (*c)->state = gcm;
+
+@@ -140,7 +148,6 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int
+
+ /* set key size */
+ (*c)->key_len = key_len;
+- EVP_CIPHER_CTX_init(&gcm->ctx);
+
+ return (err_status_ok);
+ }
+@@ -155,7 +162,7 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
+
+ ctx = (aes_gcm_ctx_t*)c->state;
+ if (ctx) {
+- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
++ EVP_CIPHER_CTX_free(ctx->ctx);
+ /* decrement ref_count for the appropriate engine */
+ switch (ctx->key_size) {
+ case AES_256_KEYSIZE:
+@@ -205,7 +212,7 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx
+ break;
+ }
+
+- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, key, NULL, 0)) {
++ if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) {
+ return (err_status_init_fail);
+ }
+
+@@ -227,19 +234,19 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c,
+
+ debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv));
+
+- if (!EVP_CipherInit_ex(&c->ctx, NULL, NULL, NULL,
++ if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL,
+ NULL, (c->dir == direction_encrypt ? 1 : 0))) {
+ return (err_status_init_fail);
+ }
+
+ /* set IV len and the IV value, the followiong 3 calls are required */
+- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
++ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
+ return (err_status_init_fail);
+ }
+- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
++ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
+ return (err_status_init_fail);
+ }
+- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
++ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
+ return (err_status_init_fail);
+ }
+
+@@ -263,9 +270,9 @@ err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c
+ * Set dummy tag, OpenSSL requires the Tag to be set before
+ * processing AAD
+ */
+- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
++ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
+
+- rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len);
++ rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);
+ if (rv != aad_len) {
+ return (err_status_algo_fail);
+ } else {
+@@ -291,7 +298,7 @@ err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c
+ /*
+ * Encrypt the data
+ */
+- EVP_Cipher(&c->ctx, buf, buf, *enc_len);
++ EVP_Cipher(c->ctx, buf, buf, *enc_len);
+
+ return (err_status_ok);
+ }
+@@ -313,12 +320,12 @@ err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c
+ /*
+ * Calculate the tag
+ */
+- EVP_Cipher(&c->ctx, NULL, NULL, 0);
++ EVP_Cipher(c->ctx, NULL, NULL, 0);
+
+ /*
+ * Retreive the tag
+ */
+- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
++ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
+
+ /*
+ * Increase encryption length by desired tag size
+@@ -347,14 +354,14 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c
+ /*
+ * Set the tag before decrypting
+ */
+- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
++ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
+ buf + (*enc_len - c->tag_len));
+- EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len);
++ EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len);
+
+ /*
+ * Check the tag
+ */
+- if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) {
++ if (EVP_Cipher(c->ctx, NULL, NULL, 0)) {
+ return (err_status_auth_fail);
+ }
+
+--- a/crypto/cipher/aes_icm_ossl.c 2018-06-11 07:46:00 UTC
++++ b/crypto/cipher/aes_icm_ossl.c
+@@ -144,6 +144,14 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int
+ }
+ memset(icm, 0x0, sizeof(aes_icm_ctx_t));
+
++ icm->ctx = EVP_CIPHER_CTX_new();
++ if (icm->ctx == NULL) {
++ crypto_free(icm);
++ crypto_free(*c);
++ *c = NULL;
++ return err_status_alloc_fail;
++ }
++
+ /* set pointers */
+ (*c)->state = icm;
+
+@@ -173,7 +181,6 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int
+
+ /* set key size */
+ (*c)->key_len = key_len;
+- EVP_CIPHER_CTX_init(&icm->ctx);
+
+ return err_status_ok;
+ }
+@@ -195,7 +202,7 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c)
+ */
+ ctx = (aes_icm_ctx_t*)c->state;
+ if (ctx != NULL) {
+- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
++ EVP_CIPHER_CTX_free(ctx->ctx);
+ /* decrement ref_count for the appropriate engine */
+ switch (ctx->key_size) {
+ case AES_256_KEYSIZE:
+@@ -257,8 +264,6 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx
+ debug_print(mod_aes_icm, "key: %s", octet_string_hex_string(key, c->key_size));
+ debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
+
+- EVP_CIPHER_CTX_init(&c->ctx);
+-
+ switch (c->key_size) {
+ case AES_256_KEYSIZE:
+ evp = EVP_aes_256_ctr();
+@@ -276,7 +281,7 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx
+ break;
+ }
+
+- if (!EVP_EncryptInit_ex(&c->ctx, evp,
++ if (!EVP_EncryptInit_ex(c->ctx, evp,
+ NULL, key, NULL)) {
+ return err_status_fail;
+ } else {
+@@ -304,7 +309,7 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c,
+
+ debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter));
+
+- if (!EVP_EncryptInit_ex(&c->ctx, NULL,
++ if (!EVP_EncryptInit_ex(c->ctx, NULL,
+ NULL, NULL, c->counter.v8)) {
+ return err_status_fail;
+ } else {
+@@ -326,12 +331,12 @@ err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c
+
+ debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
+
+- if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) {
++ if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) {
+ return err_status_cipher_fail;
+ }
+ *enc_len = len;
+
+- if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) {
++ if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) {
+ return err_status_cipher_fail;
+ }
+ *enc_len += len;
+--- a/crypto/hash/hmac_ossl.c 2018-06-11 07:45:39 UTC
++++ b/crypto/hash/hmac_ossl.c
+@@ -65,8 +65,6 @@ err_status_t
+ hmac_alloc (auth_t **a, int key_len, int out_len)
+ {
+ extern auth_type_t hmac;
+- uint8_t *pointer;
+- HMAC_CTX *new_hmac_ctx;
+
+ debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
+ debug_print(mod_hmac, " tag length %d", out_len);
+@@ -76,21 +74,43 @@ hmac_alloc (auth_t **a, int key_len, int out_len)
+ return err_status_bad_param;
+ }
+
+- /* allocate memory for auth and HMAC_CTX structures */
+- pointer = (uint8_t*)crypto_alloc(sizeof(HMAC_CTX) + sizeof(auth_t));
+- if (pointer == NULL) {
++/* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
++ using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
++ {
++ /* allocate memory for auth and HMAC_CTX structures */
++ uint8_t* pointer;
++ HMAC_CTX *new_hmac_ctx;
++ pointer = (uint8_t*)crypto_alloc(sizeof(HMAC_CTX) + sizeof(auth_t));
++ if (pointer == NULL) {
++ return err_status_alloc_fail;
++ }
++ *a = (auth_t*)pointer;
++ (*a)->state = pointer + sizeof(auth_t);
++ new_hmac_ctx = (HMAC_CTX*)((*a)->state);
++
++ HMAC_CTX_init(new_hmac_ctx);
++ }
++
++#else
++ *a = (auth_t*)crypto_alloc(sizeof(auth_t));
++ if (*a == NULL) {
+ return err_status_alloc_fail;
+ }
+
++ (*a)->state = HMAC_CTX_new();
++ if ((*a)->state == NULL) {
++ crypto_free(*a);
++ *a = NULL;
++ return err_status_alloc_fail;
++ }
++#endif
++
+ /* set pointers */
+- *a = (auth_t*)pointer;
+ (*a)->type = &hmac;
+- (*a)->state = pointer + sizeof(auth_t);
+ (*a)->out_len = out_len;
+ (*a)->key_len = key_len;
+ (*a)->prefix_len = 0;
+- new_hmac_ctx = (HMAC_CTX*)((*a)->state);
+- HMAC_CTX_init(new_hmac_ctx);
+
+ /* increment global count of all hmac uses */
+ hmac.ref_count++;
+@@ -106,11 +126,19 @@ hmac_dealloc (auth_t *a)
+
+ hmac_ctx = (HMAC_CTX*)a->state;
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ HMAC_CTX_cleanup(hmac_ctx);
+
+ /* zeroize entire state*/
+ octet_string_set_to_zero((uint8_t*)a,
+ sizeof(HMAC_CTX) + sizeof(auth_t));
++
++#else
++ HMAC_CTX_free(hmac_ctx);
++
++ /* zeroize entire state*/
++ octet_string_set_to_zero((uint8_t*)a, sizeof(auth_t));
++#endif
+
+ /* free memory */
+ crypto_free(a);
+--- a/crypto/include/aes_gcm_ossl.h 2018-06-11 07:46:09 UTC
++++ b/crypto/include/aes_gcm_ossl.h
+@@ -54,7 +54,7 @@
+ typedef struct {
+ int key_size;
+ int tag_len;
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX* ctx;
+ cipher_direction_t dir;
+ } aes_gcm_ctx_t;
+
+--- a/crypto/include/aes_icm_ossl.h 2018-06-11 07:46:00 UTC
++++ b/crypto/include/aes_icm_ossl.h
+@@ -71,7 +71,7 @@ typedef struct {
+ v128_t counter; /* holds the counter value */
+ v128_t offset; /* initial offset value */
+ int key_size;
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX* ctx;
+ } aes_icm_ctx_t;
+
+ err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir);
+--- a/crypto/include/sha1.h 2017-08-01 11:57:38 UTC
++++ b/crypto/include/sha1.h
+@@ -56,8 +56,6 @@
+ #include <openssl/evp.h>
+ #include <stdint.h>
+
+-typedef EVP_MD_CTX sha1_ctx_t;
+-
+ /*
+ * sha1_init(&ctx) initializes the SHA1 context ctx
+ *
+@@ -72,6 +70,12 @@ typedef EVP_MD_CTX sha1_ctx_t;
+ *
+ */
+
++/* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated
++ using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
++
++typedef EVP_MD_CTX sha1_ctx_t;
++
+ static inline void sha1_init (sha1_ctx_t *ctx)
+ {
+ EVP_MD_CTX_init(ctx);
+@@ -88,7 +92,33 @@ static inline void sha1_final (sha1_ctx_t *ctx, uint32
+ unsigned int len = 0;
+
+ EVP_DigestFinal(ctx, (unsigned char*)output, &len);
++ EVP_MD_CTX_cleanup(ctx);
+ }
++
++#else
++
++typedef EVP_MD_CTX* sha1_ctx_t;
++
++static inline void sha1_init (sha1_ctx_t *ctx)
++{
++ *ctx = EVP_MD_CTX_new();
++ EVP_DigestInit(*ctx, EVP_sha1());
++}
++
++static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
++{
++ EVP_DigestUpdate(*ctx, M, octets_in_msg);
++}
++
++static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output)
++{
++ unsigned int len = 0;
++
++ EVP_DigestFinal(*ctx, (unsigned char*)output, &len);
++ EVP_MD_CTX_free(*ctx);
++}
++#endif
++
+ #else
+ #include "datatypes.h"
+
diff --git a/net-libs/libsrtp/files/libsrtp-1.6.0-openssl-aem_gcm-key.patch b/net-libs/libsrtp/files/libsrtp-1.6.0-openssl-aem_gcm-key.patch
new file mode 100644
index 00000000000..c85e3750a1b
--- /dev/null
+++ b/net-libs/libsrtp/files/libsrtp-1.6.0-openssl-aem_gcm-key.patch
@@ -0,0 +1,83 @@
+Backport of https://github.com/cisco/libsrtp/commit/1acba569915d8124b627a29dd5e3500332618eac
+
+--- a/crypto/cipher/aes_gcm_ossl.c 2018-06-10 18:51:02 UTC
++++ b/crypto/cipher/aes_gcm_ossl.c
+@@ -187,22 +187,28 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
+ */
+ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
+ {
++ const EVP_CIPHER *evp;
++
+ c->dir = direction_any;
+
+- /* copy key to be used later when CiscoSSL crypto context is created */
+- v128_copy_octet_string((v128_t*)&c->key, key);
++ debug_print(mod_aes_gcm, "key: %s", octet_string_hex_string(key, c->key_size));
+
+- if (c->key_size == AES_256_KEYSIZE) {
+- debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s",
+- v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
+- v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1,
+- key + AES_128_KEYSIZE);
++ switch (c->key_size) {
++ case AES_256_KEYSIZE:
++ evp = EVP_aes_256_gcm();
++ break;
++ case AES_128_KEYSIZE:
++ evp = EVP_aes_128_gcm();
++ break;
++ default:
++ return (err_status_bad_param);
++ break;
+ }
+
+- debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key));
++ if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, key, NULL, 0)) {
++ return (err_status_init_fail);
++ }
+
+- EVP_CIPHER_CTX_cleanup(&c->ctx);
+-
+ return (err_status_ok);
+ }
+
+@@ -214,8 +220,6 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx
+ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
+ int direction)
+ {
+- const EVP_CIPHER *evp;
+-
+ if (direction != direction_encrypt && direction != direction_decrypt) {
+ return (err_status_bad_param);
+ }
+@@ -223,19 +227,7 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c,
+
+ debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv));
+
+- switch (c->key_size) {
+- case AES_256_KEYSIZE:
+- evp = EVP_aes_256_gcm();
+- break;
+- case AES_128_KEYSIZE:
+- evp = EVP_aes_128_gcm();
+- break;
+- default:
+- return (err_status_bad_param);
+- break;
+- }
+-
+- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
++ if (!EVP_CipherInit_ex(&c->ctx, NULL, NULL, NULL,
+ NULL, (c->dir == direction_encrypt ? 1 : 0))) {
+ return (err_status_init_fail);
+ }
+--- a/crypto/include/aes_gcm_ossl.h 2017-08-01 11:57:38 UTC
++++ b/crypto/include/aes_gcm_ossl.h
+@@ -52,7 +52,6 @@
+ #include <openssl/aes.h>
+
+ typedef struct {
+- v256_t key;
+ int key_size;
+ int tag_len;
+ EVP_CIPHER_CTX ctx;
diff --git a/net-libs/libsrtp/files/libsrtp-1.6.0-openssl-aem_icm-key.patch b/net-libs/libsrtp/files/libsrtp-1.6.0-openssl-aem_icm-key.patch
new file mode 100644
index 00000000000..1c2cf3ff205
--- /dev/null
+++ b/net-libs/libsrtp/files/libsrtp-1.6.0-openssl-aem_icm-key.patch
@@ -0,0 +1,113 @@
+Backport of https://github.com/cisco/libsrtp/commit/fb954450198c832c96b4191fcef3a1b9e2d15d8b
+
+--- a/crypto/cipher/aes_icm_ossl.c 2018-06-10 20:33:16 UTC
++++ b/crypto/cipher/aes_icm_ossl.c
+@@ -235,6 +235,8 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c)
+ */
+ err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key, int len)
+ {
++ const EVP_CIPHER *evp;
++
+ /*
+ * set counter and initial values to 'offset' value, being careful not to
+ * go past the end of the key buffer
+@@ -252,30 +254,35 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx
+ c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0;
+ c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0;
+
+- /* copy key to be used later when CiscoSSL crypto context is created */
+- v128_copy_octet_string((v128_t*)&c->key, key);
++ debug_print(mod_aes_icm, "key: %s", octet_string_hex_string(key, c->key_size));
++ debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
+
+- /* if the key is greater than 16 bytes, copy the second
+- * half. Note, we treat AES-192 and AES-256 the same here
+- * for simplicity. The storage location receiving the
+- * key is statically allocated to handle a full 32 byte key
+- * regardless of the cipher in use.
+- */
+- if (c->key_size == AES_256_KEYSIZE
++ EVP_CIPHER_CTX_init(&c->ctx);
++
++ switch (c->key_size) {
++ case AES_256_KEYSIZE:
++ evp = EVP_aes_256_ctr();
++ break;
+ #ifndef SRTP_NO_AES192
+- || c->key_size == AES_192_KEYSIZE
++ case AES_192_KEYSIZE:
++ evp = EVP_aes_192_ctr();
++ break;
+ #endif
+- ) {
+- debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s",
+- v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
+- v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZE);
++ case AES_128_KEYSIZE:
++ evp = EVP_aes_128_ctr();
++ break;
++ default:
++ return err_status_bad_param;
++ break;
+ }
+
+- debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key));
+- debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
++ if (!EVP_EncryptInit_ex(&c->ctx, evp,
++ NULL, key, NULL)) {
++ return err_status_fail;
++ } else {
++ return err_status_ok;
++ }
+
+- EVP_CIPHER_CTX_cleanup(&c->ctx);
+-
+ return err_status_ok;
+ }
+
+@@ -286,7 +293,6 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx
+ */
+ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
+ {
+- const EVP_CIPHER *evp;
+ v128_t nonce;
+
+ /* set nonce (for alignment) */
+@@ -298,25 +304,8 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c,
+
+ debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter));
+
+- switch (c->key_size) {
+- case AES_256_KEYSIZE:
+- evp = EVP_aes_256_ctr();
+- break;
+-#ifndef SRTP_NO_AES192
+- case AES_192_KEYSIZE:
+- evp = EVP_aes_192_ctr();
+- break;
+-#endif
+- case AES_128_KEYSIZE:
+- evp = EVP_aes_128_ctr();
+- break;
+- default:
+- return err_status_bad_param;
+- break;
+- }
+-
+- if (!EVP_EncryptInit_ex(&c->ctx, evp,
+- NULL, c->key.v8, c->counter.v8)) {
++ if (!EVP_EncryptInit_ex(&c->ctx, NULL,
++ NULL, NULL, c->counter.v8)) {
+ return err_status_fail;
+ } else {
+ return err_status_ok;
+--- a/crypto/include/aes_icm_ossl.h 2017-08-01 11:57:38 UTC
++++ b/crypto/include/aes_icm_ossl.h
+@@ -70,7 +70,6 @@
+ typedef struct {
+ v128_t counter; /* holds the counter value */
+ v128_t offset; /* initial offset value */
+- v256_t key;
+ int key_size;
+ EVP_CIPHER_CTX ctx;
+ } aes_icm_ctx_t;
diff --git a/net-libs/libsrtp/files/libsrtp-1.6.0-openssl-hmac.patch b/net-libs/libsrtp/files/libsrtp-1.6.0-openssl-hmac.patch
new file mode 100644
index 00000000000..c9973f214fc
--- /dev/null
+++ b/net-libs/libsrtp/files/libsrtp-1.6.0-openssl-hmac.patch
@@ -0,0 +1,254 @@
+Backport of https://github.com/cisco/libsrtp/commit/5781341d99cd286a1f3d164e0576c2e837a444b7
+
+--- a/crypto/hash/hmac_ossl.c 2017-08-01 11:57:38 UTC
++++ b/crypto/hash/hmac_ossl.c
+@@ -46,11 +46,12 @@
+ #include <config.h>
+ #endif
+
+-#include "hmac.h"
++#include "auth.h"
+ #include "alloc.h"
+ #include <openssl/evp.h>
++#include <openssl/hmac.h>
+
+-#define HMAC_KEYLEN_MAX 20
++#define SHA1_DIGEST_SIZE 20
+
+ /* the debug module for authentiation */
+
+@@ -65,26 +66,18 @@ hmac_alloc (auth_t **a, int key_len, int out_len)
+ {
+ extern auth_type_t hmac;
+ uint8_t *pointer;
+- hmac_ctx_t *new_hmac_ctx;
++ HMAC_CTX *new_hmac_ctx;
+
+ debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
+ debug_print(mod_hmac, " tag length %d", out_len);
+
+- /*
+- * check key length - note that we don't support keys larger
+- * than 20 bytes yet
+- */
+- if (key_len > HMAC_KEYLEN_MAX) {
+- return err_status_bad_param;
+- }
+-
+ /* check output length - should be less than 20 bytes */
+- if (out_len > HMAC_KEYLEN_MAX) {
++ if (out_len > SHA1_DIGEST_SIZE) {
+ return err_status_bad_param;
+ }
+
+- /* allocate memory for auth and hmac_ctx_t structures */
+- pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
++ /* allocate memory for auth and HMAC_CTX structures */
++ pointer = (uint8_t*)crypto_alloc(sizeof(HMAC_CTX) + sizeof(auth_t));
+ if (pointer == NULL) {
+ return err_status_alloc_fail;
+ }
+@@ -96,8 +89,8 @@ hmac_alloc (auth_t **a, int key_len, int out_len)
+ (*a)->out_len = out_len;
+ (*a)->key_len = key_len;
+ (*a)->prefix_len = 0;
+- new_hmac_ctx = (hmac_ctx_t*)((*a)->state);
+- memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t));
++ new_hmac_ctx = (HMAC_CTX*)((*a)->state);
++ HMAC_CTX_init(new_hmac_ctx);
+
+ /* increment global count of all hmac uses */
+ hmac.ref_count++;
+@@ -109,19 +102,15 @@ err_status_t
+ hmac_dealloc (auth_t *a)
+ {
+ extern auth_type_t hmac;
+- hmac_ctx_t *hmac_ctx;
++ HMAC_CTX *hmac_ctx;
+
+- hmac_ctx = (hmac_ctx_t*)a->state;
+- if (hmac_ctx->ctx_initialized) {
+- EVP_MD_CTX_cleanup(&hmac_ctx->ctx);
+- }
+- if (hmac_ctx->init_ctx_initialized) {
+- EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx);
+- }
++ hmac_ctx = (HMAC_CTX*)a->state;
+
++ HMAC_CTX_cleanup(hmac_ctx);
++
+ /* zeroize entire state*/
+ octet_string_set_to_zero((uint8_t*)a,
+- sizeof(hmac_ctx_t) + sizeof(auth_t));
++ sizeof(HMAC_CTX) + sizeof(auth_t));
+
+ /* free memory */
+ crypto_free(a);
+@@ -133,113 +122,65 @@ hmac_dealloc (auth_t *a)
+ }
+
+ err_status_t
+-hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len)
++hmac_init (HMAC_CTX *state, const uint8_t *key, int key_len)
+ {
+- int i;
+- uint8_t ipad[64];
++ if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
++ return err_status_auth_fail;
+
+- /*
+- * check key length - note that we don't support keys larger
+- * than 20 bytes yet
+- */
+- if (key_len > HMAC_KEYLEN_MAX) {
+- return err_status_bad_param;
+- }
+-
+- /*
+- * set values of ipad and opad by exoring the key into the
+- * appropriate constant values
+- */
+- for (i = 0; i < key_len; i++) {
+- ipad[i] = key[i] ^ 0x36;
+- state->opad[i] = key[i] ^ 0x5c;
+- }
+- /* set the rest of ipad, opad to constant values */
+- for (; i < sizeof(ipad); i++) {
+- ipad[i] = 0x36;
+- ((uint8_t*)state->opad)[i] = 0x5c;
+- }
+-
+- debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad)));
+-
+- /* initialize sha1 context */
+- sha1_init(&state->init_ctx);
+- state->init_ctx_initialized = 1;
+-
+- /* hash ipad ^ key */
+- sha1_update(&state->init_ctx, ipad, sizeof(ipad));
+- return (hmac_start(state));
++ return err_status_ok;
+ }
+
+ err_status_t
+-hmac_start (hmac_ctx_t *state)
++hmac_start (HMAC_CTX *state)
+ {
+- if (state->ctx_initialized) {
+- EVP_MD_CTX_cleanup(&state->ctx);
+- }
+- if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) {
++ if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
+ return err_status_auth_fail;
+- } else {
+- state->ctx_initialized = 1;
+- return err_status_ok;
+- }
++
++ return err_status_ok;
+ }
+
+ err_status_t
+-hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets)
++hmac_update (HMAC_CTX *state, const uint8_t *message, int msg_octets)
+ {
+ debug_print(mod_hmac, "input: %s",
+ octet_string_hex_string(message, msg_octets));
+
+- /* hash message into sha1 context */
+- sha1_update(&state->ctx, message, msg_octets);
++ if (HMAC_Update(state, message, msg_octets) == 0)
++ return err_status_auth_fail;
+
+ return err_status_ok;
+ }
+
+ err_status_t
+-hmac_compute (hmac_ctx_t *state, const void *message,
++hmac_compute (HMAC_CTX *state, const void *message,
+ int msg_octets, int tag_len, uint8_t *result)
+ {
+- uint32_t hash_value[5];
+- uint32_t H[5];
++ uint8_t hash_value[SHA1_DIGEST_SIZE];
+ int i;
++ unsigned int len;
+
+ /* check tag length, return error if we can't provide the value expected */
+- if (tag_len > HMAC_KEYLEN_MAX) {
++ if (tag_len > SHA1_DIGEST_SIZE) {
+ return err_status_bad_param;
+ }
+
+ /* hash message, copy output into H */
+- sha1_update(&state->ctx, message, msg_octets);
+- sha1_final(&state->ctx, H);
++ if (HMAC_Update(state, message, msg_octets) == 0)
++ return err_status_auth_fail;
+
+- /*
+- * note that we don't need to debug_print() the input, since the
+- * function hmac_update() already did that for us
+- */
+- debug_print(mod_hmac, "intermediate state: %s",
+- octet_string_hex_string((uint8_t*)H, sizeof(H)));
++ if (HMAC_Final(state, hash_value, &len) == 0)
++ return err_status_auth_fail;
+
+- /* re-initialize hash context */
+- sha1_init(&state->ctx);
++ if (len < tag_len)
++ return err_status_auth_fail;
+
+- /* hash opad ^ key */
+- sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad));
+-
+- /* hash the result of the inner hash */
+- sha1_update(&state->ctx, (uint8_t*)H, sizeof(H));
+-
+- /* the result is returned in the array hash_value[] */
+- sha1_final(&state->ctx, hash_value);
+-
+ /* copy hash_value to *result */
+ for (i = 0; i < tag_len; i++) {
+- result[i] = ((uint8_t*)hash_value)[i];
++ result[i] = hash_value[i];
+ }
+
+ debug_print(mod_hmac, "output: %s",
+- octet_string_hex_string((uint8_t*)hash_value, tag_len));
++ octet_string_hex_string(hash_value, tag_len));
+
+ return err_status_ok;
+ }
+@@ -248,7 +189,7 @@ hmac_compute (hmac_ctx_t *state, const void *message,
+ /* begin test case 0 */
+
+ uint8_t
+- hmac_test_case_0_key[HMAC_KEYLEN_MAX] = {
++ hmac_test_case_0_key[SHA1_DIGEST_SIZE] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b
+@@ -260,7 +201,7 @@ uint8_t
+ };
+
+ uint8_t
+- hmac_test_case_0_tag[HMAC_KEYLEN_MAX] = {
++ hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = {
+ 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
+ 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
+ 0xf1, 0x46, 0xbe, 0x00
+--- a/crypto/include/hmac.h 2017-08-01 11:57:38 UTC
++++ b/crypto/include/hmac.h
+@@ -53,10 +53,6 @@ typedef struct {
+ uint8_t opad[64];
+ sha1_ctx_t ctx;
+ sha1_ctx_t init_ctx;
+-#ifdef OPENSSL
+- int ctx_initialized;
+- int init_ctx_initialized;
+-#endif
+ } hmac_ctx_t;
+
+ err_status_t
diff --git a/net-libs/libsrtp/libsrtp-1.6.0-r1.ebuild b/net-libs/libsrtp/libsrtp-1.6.0-r1.ebuild
new file mode 100644
index 00000000000..9b3f9a9952b
--- /dev/null
+++ b/net-libs/libsrtp/libsrtp-1.6.0-r1.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools multilib-minimal
+
+DESCRIPTION="Open-source implementation of the Secure Real-time Transport Protocol (SRTP)"
+HOMEPAGE="https://github.com/cisco/libsrtp"
+SRC_URI="https://github.com/cisco/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0/1"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 -sparc ~x86 ~x86-fbsd ~ppc-macos ~x64-macos ~x86-macos"
+IUSE="aesicm console debug doc libressl openssl static-libs syslog test"
+
+RDEPEND="
+ openssl? (
+ !libressl? ( dev-libs/openssl:0=[${MULTILIB_USEDEP}] )
+ libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
+ )
+"
+DEPEND="${RDEPEND}"
+
+DOCS=( CHANGES README TODO )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/srtp/config.h
+)
+PATCHES=(
+ "${FILESDIR}/${PN}-pcap-automagic-r0.patch"
+ "${FILESDIR}/${P}-openssl-hmac.patch"
+ "${FILESDIR}/${P}-openssl-aem_icm-key.patch"
+ "${FILESDIR}/${P}-openssl-aem_gcm-key.patch"
+ "${FILESDIR}/${P}-openssl-1.1.patch"
+)
+
+src_prepare() {
+ default
+
+ # test/rtpw.c is using /usr/share/dict/words assuming it exists
+ # using test/rtpw.c guaratees the file exists in any case
+ sed -i -e "s:/usr/share/dict/words:rtpw.c:" test/rtpw.c || die
+
+ mv configure.in configure.ac || die
+ eautoreconf
+}
+
+multilib_src_configure() {
+ # stdout: default error output for messages in debug
+ # kernel-linux: breaks the build
+ # gdoi: disabled by upstream and breaks the build
+ # pcap: seems to be test-only
+ ECONF_SOURCE=${S} \
+ econf \
+ --enable-stdout \
+ --disable-kernel-linux \
+ --disable-gdoi \
+ --disable-pcap \
+ $(use_enable aesicm generic-aesicm) \
+ $(use_enable console) \
+ $(use_enable debug) \
+ $(use_enable openssl) \
+ $(use_enable syslog)
+}
+
+multilib_src_compile() {
+ use static-libs && emake ${PN}.a
+ emake shared_library
+ use test && emake test
+}
+
+multilib_src_test() {
+ # work-around tests that do not like out-of-source builds
+ cp "${S}"/test/{getopt_s,rtpw}.c "${BUILD_DIR}"/test/ || die
+
+ LD_LIBRARY_PATH="${BUILD_DIR}" emake -j1 runtest
+
+ # Makefile.in has '$(testapp): libsrtp.a'
+ if use !static-libs; then
+ rm libsrtp.a || die
+ fi
+}
+
+multilib_src_install_all() {
+ # libsrtp.pdf can also be generated with doxygen
+ # but it would be a waste of time as an up-to-date version is built
+ use doc && DOCS+=( doc/*.txt doc/${PN}.pdf )
+ einstalldocs
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/libsrtp/files/, net-libs/libsrtp/
@ 2020-01-28 14:09 Mike Gilbert
0 siblings, 0 replies; 3+ messages in thread
From: Mike Gilbert @ 2020-01-28 14:09 UTC (permalink / raw
To: gentoo-commits
commit: 131011cbfcd351810e8cfe0350ddb17b2312f326
Author: Stephan Hartmann <stha09 <AT> googlemail <DOT> com>
AuthorDate: Mon Jan 27 09:19:51 2020 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Jan 28 14:09:28 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=131011cb
net-libs/libsrtp: fix building with gcc-10
Closes: https://bugs.gentoo.org/706608
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Stephan Hartmann <stha09 <AT> googlemail.com>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/14470
net-libs/libsrtp/files/libsrtp-2.2.0-gcc-10.patch | 26 +++++++++++++++++++++++
net-libs/libsrtp/libsrtp-2.2.0.ebuild | 7 ++++--
2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/net-libs/libsrtp/files/libsrtp-2.2.0-gcc-10.patch b/net-libs/libsrtp/files/libsrtp-2.2.0-gcc-10.patch
new file mode 100644
index 00000000000..771ae0f5144
--- /dev/null
+++ b/net-libs/libsrtp/files/libsrtp-2.2.0-gcc-10.patch
@@ -0,0 +1,26 @@
+diff --git a/crypto/math/datatypes.c b/crypto/math/datatypes.c
+index c0dfece..ec2fe6d 100644
+--- a/crypto/math/datatypes.c
++++ b/crypto/math/datatypes.c
+@@ -79,7 +79,7 @@ int octet_get_weight(uint8_t octet)
+
+ /* the value MAX_PRINT_STRING_LEN is defined in datatypes.h */
+
+-char bit_string[MAX_PRINT_STRING_LEN];
++static char bit_string[MAX_PRINT_STRING_LEN];
+
+ uint8_t srtp_nibble_to_hex_char(uint8_t nibble)
+ {
+diff --git a/test/util.c b/test/util.c
+index eb203f4..04e149c 100644
+--- a/test/util.c
++++ b/test/util.c
+@@ -47,7 +47,7 @@
+ #include <string.h>
+ #include <stdint.h>
+
+-char bit_string[MAX_PRINT_STRING_LEN];
++static char bit_string[MAX_PRINT_STRING_LEN];
+
+ static inline int hex_char_to_nibble(uint8_t c)
+ {
diff --git a/net-libs/libsrtp/libsrtp-2.2.0.ebuild b/net-libs/libsrtp/libsrtp-2.2.0.ebuild
index a6f4fc333d8..1ee4065fcb3 100644
--- a/net-libs/libsrtp/libsrtp-2.2.0.ebuild
+++ b/net-libs/libsrtp/libsrtp-2.2.0.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
@@ -25,7 +25,10 @@ DEPEND="${RDEPEND}"
DOCS=( CHANGES )
-PATCHES=( "${FILESDIR}/${P}-pcap-automagic-r0.patch" )
+PATCHES=(
+ "${FILESDIR}/${P}-pcap-automagic-r0.patch"
+ "${FILESDIR}/${P}-gcc-10.patch"
+)
src_prepare() {
default
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-libs/libsrtp/files/, net-libs/libsrtp/
@ 2020-06-12 16:56 Mike Gilbert
0 siblings, 0 replies; 3+ messages in thread
From: Mike Gilbert @ 2020-06-12 16:56 UTC (permalink / raw
To: gentoo-commits
commit: 67270353460d76130476dea6730903a595db3153
Author: Stephan Hartmann <stha09 <AT> googlemail <DOT> com>
AuthorDate: Fri Jun 12 16:53:01 2020 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Jun 12 16:55:57 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=67270353
net-libs/libsrtp: version bump to 2.3.0
Closes: https://bugs.gentoo.org/723492
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Stephan Hartmann <stha09 <AT> googlemail.com>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/16204
net-libs/libsrtp/Manifest | 1 +
net-libs/libsrtp/files/libsrtp-2.3.0-gcc-10.patch | 26 +++++++
net-libs/libsrtp/files/libsrtp-2.3.0-nss.patch | 12 +++
net-libs/libsrtp/libsrtp-2.3.0.ebuild | 95 +++++++++++++++++++++++
net-libs/libsrtp/metadata.xml | 1 +
5 files changed, 135 insertions(+)
diff --git a/net-libs/libsrtp/Manifest b/net-libs/libsrtp/Manifest
index bc57e86e9e4..4cdfe368ac8 100644
--- a/net-libs/libsrtp/Manifest
+++ b/net-libs/libsrtp/Manifest
@@ -1,2 +1,3 @@
DIST libsrtp-1.6.0.tar.gz 1648862 BLAKE2B 5526d7659db160df3b6d9f14922bd731d083f04c6dd084ef473c439d720733d0fd8b38bdfe92e30e05a8a94c41df965d04bca52601b2644352428b49b1ed9093 SHA512 5ac712d0d343c3b63ed248503cc7d33c637895a274c4434c91f513be117836f27cd5daba83088b4647bbd9c82d841e216e6346af8d485cb9ddcd35dee21d4887
DIST libsrtp-2.2.0.tar.gz 308469 BLAKE2B 4ef318bdf5c69b69b5869f478d5f0b9ee82d7d8a52440d10e931722c75b2f3a62b59f7542bb932cc93a21b7af24e6b253d70b4722833c5e1e5afce052e3b00e2 SHA512 3a5214b02199ae8dff45a2ed225ed9b1dcb75a9c6b07669e23bf86f97ad26e3e22b4930acdf3c56b21b605211a89a53a17c61602195b391a5b29a09823ba868c
+DIST libsrtp-2.3.0.tar.gz 633819 BLAKE2B 9ea40e9689fabc29b7a2c637bd4e4a2c44eec79205a6e5c5e5abf1069dfec7ba28d868ba620462205d61fdb28d0ca3b8532c1f59db704edd508e01afb551d255 SHA512 34b1a01cb9a75aed175be09aadd2827224203b9801becc3fbc5214667cce79c3b87b0f59e4315583863ab5a2cc4fc81d56ab604a5e4c984518b8a8a2a7b77461
diff --git a/net-libs/libsrtp/files/libsrtp-2.3.0-gcc-10.patch b/net-libs/libsrtp/files/libsrtp-2.3.0-gcc-10.patch
new file mode 100644
index 00000000000..67d4ad86d51
--- /dev/null
+++ b/net-libs/libsrtp/files/libsrtp-2.3.0-gcc-10.patch
@@ -0,0 +1,26 @@
+diff --git a/crypto/math/datatypes.c b/crypto/math/datatypes.c
+index 001584c..4fcb396 100644
+--- a/crypto/math/datatypes.c
++++ b/crypto/math/datatypes.c
+@@ -79,7 +79,7 @@ int octet_get_weight(uint8_t octet)
+
+ /* the value MAX_PRINT_STRING_LEN is defined in datatypes.h */
+
+-char bit_string[MAX_PRINT_STRING_LEN];
++static char bit_string[MAX_PRINT_STRING_LEN];
+
+ uint8_t srtp_nibble_to_hex_char(uint8_t nibble)
+ {
+diff --git a/test/util.c b/test/util.c
+index 2abc28e..c0f7614 100644
+--- a/test/util.c
++++ b/test/util.c
+@@ -49,7 +49,7 @@
+ #include <stdint.h>
+
+ /* include space for null terminator */
+-char bit_string[MAX_PRINT_STRING_LEN + 1];
++static char bit_string[MAX_PRINT_STRING_LEN + 1];
+
+ static inline int hex_char_to_nibble(uint8_t c)
+ {
diff --git a/net-libs/libsrtp/files/libsrtp-2.3.0-nss.patch b/net-libs/libsrtp/files/libsrtp-2.3.0-nss.patch
new file mode 100644
index 00000000000..6f71839e69d
--- /dev/null
+++ b/net-libs/libsrtp/files/libsrtp-2.3.0-nss.patch
@@ -0,0 +1,12 @@
+diff --git a/crypto/cipher/aes_gcm_nss.c b/crypto/cipher/aes_gcm_nss.c
+index 54547cd..ecbba64 100644
+--- a/crypto/cipher/aes_gcm_nss.c
++++ b/crypto/cipher/aes_gcm_nss.c
+@@ -284,6 +284,7 @@ static srtp_err_status_t srtp_aes_gcm_nss_do_crypto(void *cv,
+
+ c->params.pIv = c->iv;
+ c->params.ulIvLen = GCM_IV_LEN;
++ c->params.ulIvBits = 8 * GCM_IV_LEN;
+ c->params.pAAD = c->aad;
+ c->params.ulAADLen = c->aad_size;
+
diff --git a/net-libs/libsrtp/libsrtp-2.3.0.ebuild b/net-libs/libsrtp/libsrtp-2.3.0.ebuild
new file mode 100644
index 00000000000..b534d6b7f95
--- /dev/null
+++ b/net-libs/libsrtp/libsrtp-2.3.0.ebuild
@@ -0,0 +1,95 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools multilib-minimal
+
+DESCRIPTION="Open-source implementation of the Secure Real-time Transport Protocol (SRTP)"
+HOMEPAGE="https://github.com/cisco/libsrtp"
+SRC_URI="https://github.com/cisco/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="2/1"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 -sparc ~x86 ~ppc-macos ~x64-macos ~x86-macos"
+IUSE="debug doc libressl nss openssl static-libs test"
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="?? ( nss openssl )"
+
+RDEPEND="
+ openssl? (
+ !libressl? ( dev-libs/openssl:0=[${MULTILIB_USEDEP}] )
+ libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
+ )
+ nss? ( dev-libs/nss )
+"
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+ doc? ( app-doc/doxygen )
+ virtual/pkgconfig
+"
+
+DOCS=( CHANGES )
+
+PATCHES=(
+ "${FILESDIR}/${P}-gcc-10.patch"
+ "${FILESDIR}/${P}-nss.patch"
+)
+
+src_prepare() {
+ default
+
+ eautoreconf
+
+ if use doc; then
+ echo "${PV}" > "${S}/VERSION"
+ fi
+
+ # sadly, tests are too broken to even consider using work-arounds
+ multilib_copy_sources
+}
+
+multilib_src_configure() {
+ # stdout: default error output for messages in debug
+ # pcap: seems to be test-only
+ # openssl-kdf: OpenSSL 1.1.0+
+ econf \
+ --enable-log-stdout \
+ --disable-pcap \
+ --disable-openssl-kdf \
+ $(use_enable debug debug-logging) \
+ $(use_enable openssl) \
+ $(use_enable nss)
+}
+
+multilib_src_compile() {
+ use static-libs && emake ${PN}2.a
+ emake shared_library
+ use test && emake test
+ if multilib_is_native_abi && use doc; then
+ emake libsrtp2doc
+ fi
+}
+
+multilib_src_test() {
+ LD_LIBRARY_PATH="${BUILD_DIR}" emake -j1 runtest
+
+ # Makefile.in has '$(testapp): libsrtp2.a'
+ if ! use static-libs; then
+ rm libsrtp2.a || die
+ fi
+}
+
+multilib_src_install() {
+ default
+
+ if multilib_is_native_abi && use doc; then
+ dodoc -r doc/html
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+}
diff --git a/net-libs/libsrtp/metadata.xml b/net-libs/libsrtp/metadata.xml
index 452aeee73ce..1ee9c5bae6c 100644
--- a/net-libs/libsrtp/metadata.xml
+++ b/net-libs/libsrtp/metadata.xml
@@ -14,6 +14,7 @@
<flag name="console">
Use /dev/console instead of stdout for error messages
</flag>
+ <flag name="nss">Use NSS crypto primitives</flag>
<flag name="openssl">Use OpenSSL crypto primitives</flag>
<flag name="syslog">Use syslog for error messages</flag>
</use>
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-06-12 16:56 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-01-28 14:09 [gentoo-commits] repo/gentoo:master commit in: net-libs/libsrtp/files/, net-libs/libsrtp/ Mike Gilbert
-- strict thread matches above, loose matches on Subject: below --
2020-06-12 16:56 Mike Gilbert
2018-12-22 19:34 Craig Andrews
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox