Date: Mon, 11 Jun 2018 08:18:30 +0000 (UTC) From: Tijl Coosemans <tijl@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r472170 - in head/net/libsrtp: . files Message-ID: <201806110818.w5B8IUvr098714@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tijl Date: Mon Jun 11 08:18:30 2018 New Revision: 472170 URL: https://svnweb.freebsd.org/changeset/ports/472170 Log: Backport OpenSSL 1.1 support (and prerequisites) from libsrtp2. https://github.com/cisco/libsrtp/commit/84faa631a55235f6138cacda2e7f81980a43d13e Refactor memory allocation for the symmetric ciphers context structures. https://github.com/cisco/libsrtp/commit/5781341d99cd286a1f3d164e0576c2e837a444b7 Use the OpenSSL HMAC implementation, and thus also the OpenSSL EVP_sha1() implementation. Experiments show about a 1.5x speedup on Intel CPUs with AVX2. https://github.com/cisco/libsrtp/commit/fb954450198c832c96b4191fcef3a1b9e2d15d8b When building with OpenSSL, pass the AES_ICM key to the EVP context (and thus, do AES key expansion) in srtp_cipher_init, not srtp_cipher_set_iv. This means that AES key expansion is done once per key, rather than once per packet, resulting in a 2-3x speedup for AES-128. https://github.com/cisco/libsrtp/commit/1acba569915d8124b627a29dd5e3500332618eac When building with OpenSSL, pass the AES_GCM key to the EVP context (and thus, do AES key expansion) in srtp_cipher_init, not srtp_cipher_set_iv. Improves AES_GCM performance 2x-3x. https://github.com/cisco/libsrtp/commit/0b45423678ddc46d702f3a51614f20bfbd112ddd Changes for OpenSSL 1.1.0 compatibility. In OpenSSL 1.1.0, EVP_CIPHER_CTX, HMAC_CTX, and EVP_MD_CTX are opaque types, and have to be allocated with *_new methods and deallocated with *_free. EVP_CIPHER_CTX_new/free is present in OpenSSL 1.0.1 and later, but HMAC_CTX_new and EVP_MD_CTX_new are new in OpenSSL 1.1.0. Use the _new unconditionally for ciphers, and conditionally use the old or new APIs for HMAC and MD. No noticible performance change for older OpenSSL. PR: 228866 Added: head/net/libsrtp/files/patch-00-84faa63 (contents, props changed) head/net/libsrtp/files/patch-01-5781341 (contents, props changed) head/net/libsrtp/files/patch-02-fb95445 (contents, props changed) head/net/libsrtp/files/patch-03-1acba56 (contents, props changed) head/net/libsrtp/files/patch-04-0b45423 (contents, props changed) Modified: head/net/libsrtp/Makefile Modified: head/net/libsrtp/Makefile ============================================================================== --- head/net/libsrtp/Makefile Mon Jun 11 07:24:08 2018 (r472169) +++ head/net/libsrtp/Makefile Mon Jun 11 08:18:30 2018 (r472170) @@ -4,6 +4,7 @@ PORTNAME= libsrtp DISTVERSIONPREFIX= v DISTVERSION= 1.6.0 +PORTREVISION= 1 CATEGORIES= net MAINTAINER= tijl@FreeBSD.org Added: head/net/libsrtp/files/patch-00-84faa63 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/libsrtp/files/patch-00-84faa63 Mon Jun 11 08:18:30 2018 (r472170) @@ -0,0 +1,285 @@ +Backport of https://github.com/cisco/libsrtp/commit/84faa631a55235f6138cacda2e7f81980a43d13e + +--- crypto/cipher/aes_gcm_ossl.c.orig 2017-08-01 11:57:38 UTC ++++ crypto/cipher/aes_gcm_ossl.c +@@ -85,8 +85,6 @@ extern cipher_type_t aes_gcm_256_openssl; + err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen) + { + aes_gcm_ctx_t *gcm; +- int tmp; +- uint8_t *allptr; + + debug_print(mod_aes_gcm, "allocating cipher with key length %d", key_len); + debug_print(mod_aes_gcm, "allocating cipher with tag length %d", tlen); +@@ -105,16 +103,22 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int + } + + /* allocate memory a cipher of type aes_gcm */ +- tmp = sizeof(cipher_t) + sizeof(aes_gcm_ctx_t); +- allptr = crypto_alloc(tmp); +- if (allptr == NULL) { ++ *c = (cipher_t *)crypto_alloc(sizeof(cipher_t)); ++ if (*c == NULL) { + return (err_status_alloc_fail); + } ++ memset(*c, 0x0, sizeof(cipher_t)); + ++ gcm = (aes_gcm_ctx_t *)crypto_alloc(sizeof(aes_gcm_ctx_t)); ++ if (gcm == NULL) { ++ crypto_free(*c); ++ *c = NULL; ++ return (err_status_alloc_fail); ++ } ++ memset(gcm, 0x0, sizeof(aes_gcm_ctx_t)); ++ + /* set pointers */ +- *c = (cipher_t*)allptr; +- (*c)->state = allptr + sizeof(cipher_t); +- gcm = (aes_gcm_ctx_t *)(*c)->state; ++ (*c)->state = gcm; + + /* increment ref_count */ + switch (key_len) { +@@ -122,15 +126,15 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int + (*c)->type = &aes_gcm_128_openssl; + (*c)->algorithm = AES_128_GCM; + aes_gcm_128_openssl.ref_count++; +- ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; +- ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen; ++ gcm->key_size = AES_128_KEYSIZE; ++ gcm->tag_len = tlen; + break; + case AES_256_GCM_KEYSIZE_WSALT: + (*c)->type = &aes_gcm_256_openssl; + (*c)->algorithm = AES_256_GCM; + aes_gcm_256_openssl.ref_count++; +- ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; +- ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen; ++ gcm->key_size = AES_256_KEYSIZE; ++ gcm->tag_len = tlen; + break; + } + +@@ -164,10 +168,10 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c) + return (err_status_dealloc_fail); + break; + } ++ /* zeroize the key material */ ++ octet_string_set_to_zero((uint8_t*)ctx, sizeof(aes_gcm_ctx_t)); ++ crypto_free(ctx); + } +- +- /* zeroize entire state*/ +- octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t) + sizeof(aes_gcm_ctx_t)); + + /* free memory */ + crypto_free(c); +--- crypto/cipher/aes_icm.c.orig 2017-08-01 11:57:38 UTC ++++ crypto/cipher/aes_icm.c +@@ -95,8 +95,7 @@ debug_module_t mod_aes_icm = { + err_status_t + aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp) { + extern cipher_type_t aes_icm; +- uint8_t *pointer; +- int tmp; ++ aes_icm_ctx_t *icm; + + debug_print(mod_aes_icm, + "allocating cipher with key length %d", key_len); +@@ -114,13 +113,23 @@ aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int + return err_status_bad_param; + + /* allocate memory a cipher of type aes_icm */ +- tmp = (sizeof(aes_icm_ctx_t) + sizeof(cipher_t)); +- pointer = (uint8_t*)crypto_alloc(tmp); +- if (pointer == NULL) ++ *c = (cipher_t *)crypto_alloc(sizeof(cipher_t)); ++ if (*c == NULL) + return err_status_alloc_fail; + ++ memset(*c, 0x0, sizeof(cipher_t)); ++ ++ icm = (aes_icm_ctx_t *)crypto_alloc(sizeof(aes_icm_ctx_t)); ++ if (icm == NULL) { ++ crypto_free(*c); ++ return err_status_alloc_fail; ++ } ++ memset(icm, 0x0, sizeof(aes_icm_ctx_t)); ++ + /* set pointers */ +- *c = (cipher_t *)pointer; ++ (*c)->state = icm; ++ (*c)->type = &aes_icm; ++ + switch (key_len) { + case 46: + (*c)->algorithm = AES_256_ICM; +@@ -132,13 +141,12 @@ aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int + (*c)->algorithm = AES_128_ICM; + break; + } +- (*c)->type = &aes_icm; +- (*c)->state = pointer + sizeof(cipher_t); + + /* increment ref_count */ + aes_icm.ref_count++; + + /* set key size */ ++ icm->key_size = key_len; + (*c)->key_len = key_len; + + return err_status_ok; +@@ -151,12 +159,20 @@ err_status_t aes_icm_alloc(cipher_t **c, int key_len, + err_status_t + aes_icm_dealloc(cipher_t *c) { + extern cipher_type_t aes_icm; ++ aes_icm_ctx_t *ctx; + +- /* zeroize entire state*/ +- octet_string_set_to_zero((uint8_t *)c, +- sizeof(aes_icm_ctx_t) + sizeof(cipher_t)); ++ if (c == NULL) { ++ return err_status_bad_param; ++ } + +- /* free memory */ ++ ctx = (aes_icm_ctx_t *)c->state; ++ if (ctx) { ++ /* zeroize the key material */ ++ octet_string_set_to_zero((uint8_t*)ctx, sizeof(aes_icm_ctx_t)); ++ crypto_free(ctx); ++ } ++ ++ /* free the cipher context */ + crypto_free(c); + + /* decrement ref_count */ +--- crypto/cipher/aes_icm_ossl.c.orig 2017-08-01 11:57:38 UTC ++++ crypto/cipher/aes_icm_ossl.c +@@ -115,8 +115,6 @@ extern cipher_type_t aes_icm_256; + err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen) + { + aes_icm_ctx_t *icm; +- int tmp; +- uint8_t *allptr; + + debug_print(mod_aes_icm, "allocating cipher with key length %d", key_len); + +@@ -132,16 +130,22 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int + } + + /* allocate memory a cipher of type aes_icm */ +- tmp = sizeof(cipher_t) + sizeof(aes_icm_ctx_t); +- allptr = (uint8_t*)crypto_alloc(tmp); +- if (allptr == NULL) { ++ *c = (cipher_t *)crypto_alloc(sizeof(cipher_t)); ++ if (*c == NULL) { + return err_status_alloc_fail; + } ++ memset(*c, 0x0, sizeof(cipher_t)); + ++ icm = (aes_icm_ctx_t *)crypto_alloc(sizeof(aes_icm_ctx_t)); ++ if (icm == NULL) { ++ crypto_free(*c); ++ *c = NULL; ++ return err_status_alloc_fail; ++ } ++ memset(icm, 0x0, sizeof(aes_icm_ctx_t)); ++ + /* set pointers */ +- *c = (cipher_t*)allptr; +- (*c)->state = allptr + sizeof(cipher_t); +- icm = (aes_icm_ctx_t*)(*c)->state; ++ (*c)->state = icm; + + /* increment ref_count */ + switch (key_len) { +@@ -149,21 +153,21 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int + (*c)->algorithm = AES_128_ICM; + (*c)->type = &aes_icm; + aes_icm.ref_count++; +- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; ++ icm->key_size = AES_128_KEYSIZE; + break; + #ifndef SRTP_NO_AES192 + case AES_192_KEYSIZE_WSALT: + (*c)->algorithm = AES_192_ICM; + (*c)->type = &aes_icm_192; + aes_icm_192.ref_count++; +- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_192_KEYSIZE; ++ icm->key_size = AES_192_KEYSIZE; + break; + #endif + case AES_256_KEYSIZE_WSALT: + (*c)->algorithm = AES_256_ICM; + (*c)->type = &aes_icm_256; + aes_icm_256.ref_count++; +- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; ++ icm->key_size = AES_256_KEYSIZE; + break; + } + +@@ -209,11 +213,10 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c) + return err_status_dealloc_fail; + break; + } ++ /* zeroize the key material */ ++ octet_string_set_to_zero((uint8_t*)ctx, sizeof(aes_icm_ctx_t)); ++ crypto_free(ctx); + } +- +- /* zeroize entire state*/ +- octet_string_set_to_zero((uint8_t*)c, +- sizeof(cipher_t) + sizeof(aes_icm_ctx_t)); + + /* free memory */ + crypto_free(c); +--- crypto/cipher/null_cipher.c.orig 2017-08-01 11:57:38 UTC ++++ crypto/cipher/null_cipher.c +@@ -59,21 +59,21 @@ extern debug_module_t mod_cipher; + err_status_t + null_cipher_alloc(cipher_t **c, int key_len, int tlen) { + extern cipher_type_t null_cipher; +- uint8_t *pointer; + + debug_print(mod_cipher, + "allocating cipher with key length %d", key_len); + + /* allocate memory a cipher of type null_cipher */ +- pointer = (uint8_t*)crypto_alloc(sizeof(null_cipher_ctx_t) + sizeof(cipher_t)); +- if (pointer == NULL) ++ *c = (cipher_t *)crypto_alloc(sizeof(cipher_t)); ++ if (*c == NULL) + return err_status_alloc_fail; + ++ memset(*c, 0x0, sizeof(cipher_t)); ++ + /* set pointers */ +- *c = (cipher_t *)pointer; + (*c)->algorithm = NULL_CIPHER; + (*c)->type = &null_cipher; +- (*c)->state = pointer + sizeof(cipher_t); ++ (*c)->state = 0x1; /* The null cipher does not maintain state */ + + /* set key size */ + (*c)->key_len = key_len; +@@ -90,8 +90,7 @@ null_cipher_dealloc(cipher_t *c) { + extern cipher_type_t null_cipher; + + /* zeroize entire state*/ +- octet_string_set_to_zero((uint8_t *)c, +- sizeof(null_cipher_ctx_t) + sizeof(cipher_t)); ++ octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t)); + + /* free memory of type null_cipher */ + crypto_free(c); +--- crypto/test/cipher_driver.c.orig 2017-08-01 11:57:38 UTC ++++ crypto/test/cipher_driver.c +@@ -58,7 +58,6 @@ + #else + #include "aes_icm.h" + #endif +-#include "null_cipher.h" + + #define PRINT_DEBUG 0 + Added: head/net/libsrtp/files/patch-01-5781341 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/libsrtp/files/patch-01-5781341 Mon Jun 11 08:18:30 2018 (r472170) @@ -0,0 +1,254 @@ +Backport of https://github.com/cisco/libsrtp/commit/5781341d99cd286a1f3d164e0576c2e837a444b7 + +--- crypto/hash/hmac_ossl.c.orig 2017-08-01 11:57:38 UTC ++++ crypto/hash/hmac_ossl.c +@@ -46,11 +46,12 @@ + #include <config.h> + #endif + +-#include "hmac.h" ++#include "auth.h" + #include "alloc.h" + #include <openssl/evp.h> ++#include <openssl/hmac.h> + +-#define HMAC_KEYLEN_MAX 20 ++#define SHA1_DIGEST_SIZE 20 + + /* the debug module for authentiation */ + +@@ -65,26 +66,18 @@ hmac_alloc (auth_t **a, int key_len, int out_len) + { + extern auth_type_t hmac; + uint8_t *pointer; +- hmac_ctx_t *new_hmac_ctx; ++ HMAC_CTX *new_hmac_ctx; + + debug_print(mod_hmac, "allocating auth func with key length %d", key_len); + debug_print(mod_hmac, " tag length %d", out_len); + +- /* +- * check key length - note that we don't support keys larger +- * than 20 bytes yet +- */ +- if (key_len > HMAC_KEYLEN_MAX) { +- return err_status_bad_param; +- } +- + /* check output length - should be less than 20 bytes */ +- if (out_len > HMAC_KEYLEN_MAX) { ++ if (out_len > SHA1_DIGEST_SIZE) { + return err_status_bad_param; + } + +- /* allocate memory for auth and hmac_ctx_t structures */ +- pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t)); ++ /* allocate memory for auth and HMAC_CTX structures */ ++ pointer = (uint8_t*)crypto_alloc(sizeof(HMAC_CTX) + sizeof(auth_t)); + if (pointer == NULL) { + return err_status_alloc_fail; + } +@@ -96,8 +89,8 @@ hmac_alloc (auth_t **a, int key_len, int out_len) + (*a)->out_len = out_len; + (*a)->key_len = key_len; + (*a)->prefix_len = 0; +- new_hmac_ctx = (hmac_ctx_t*)((*a)->state); +- memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t)); ++ new_hmac_ctx = (HMAC_CTX*)((*a)->state); ++ HMAC_CTX_init(new_hmac_ctx); + + /* increment global count of all hmac uses */ + hmac.ref_count++; +@@ -109,19 +102,15 @@ err_status_t + hmac_dealloc (auth_t *a) + { + extern auth_type_t hmac; +- hmac_ctx_t *hmac_ctx; ++ HMAC_CTX *hmac_ctx; + +- hmac_ctx = (hmac_ctx_t*)a->state; +- if (hmac_ctx->ctx_initialized) { +- EVP_MD_CTX_cleanup(&hmac_ctx->ctx); +- } +- if (hmac_ctx->init_ctx_initialized) { +- EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx); +- } ++ hmac_ctx = (HMAC_CTX*)a->state; + ++ HMAC_CTX_cleanup(hmac_ctx); ++ + /* zeroize entire state*/ + octet_string_set_to_zero((uint8_t*)a, +- sizeof(hmac_ctx_t) + sizeof(auth_t)); ++ sizeof(HMAC_CTX) + sizeof(auth_t)); + + /* free memory */ + crypto_free(a); +@@ -133,113 +122,65 @@ hmac_dealloc (auth_t *a) + } + + err_status_t +-hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len) ++hmac_init (HMAC_CTX *state, const uint8_t *key, int key_len) + { +- int i; +- uint8_t ipad[64]; ++ if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0) ++ return err_status_auth_fail; + +- /* +- * check key length - note that we don't support keys larger +- * than 20 bytes yet +- */ +- if (key_len > HMAC_KEYLEN_MAX) { +- return err_status_bad_param; +- } +- +- /* +- * set values of ipad and opad by exoring the key into the +- * appropriate constant values +- */ +- for (i = 0; i < key_len; i++) { +- ipad[i] = key[i] ^ 0x36; +- state->opad[i] = key[i] ^ 0x5c; +- } +- /* set the rest of ipad, opad to constant values */ +- for (; i < sizeof(ipad); i++) { +- ipad[i] = 0x36; +- ((uint8_t*)state->opad)[i] = 0x5c; +- } +- +- debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad))); +- +- /* initialize sha1 context */ +- sha1_init(&state->init_ctx); +- state->init_ctx_initialized = 1; +- +- /* hash ipad ^ key */ +- sha1_update(&state->init_ctx, ipad, sizeof(ipad)); +- return (hmac_start(state)); ++ return err_status_ok; + } + + err_status_t +-hmac_start (hmac_ctx_t *state) ++hmac_start (HMAC_CTX *state) + { +- if (state->ctx_initialized) { +- EVP_MD_CTX_cleanup(&state->ctx); +- } +- if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) { ++ if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0) + return err_status_auth_fail; +- } else { +- state->ctx_initialized = 1; +- return err_status_ok; +- } ++ ++ return err_status_ok; + } + + err_status_t +-hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets) ++hmac_update (HMAC_CTX *state, const uint8_t *message, int msg_octets) + { + debug_print(mod_hmac, "input: %s", + octet_string_hex_string(message, msg_octets)); + +- /* hash message into sha1 context */ +- sha1_update(&state->ctx, message, msg_octets); ++ if (HMAC_Update(state, message, msg_octets) == 0) ++ return err_status_auth_fail; + + return err_status_ok; + } + + err_status_t +-hmac_compute (hmac_ctx_t *state, const void *message, ++hmac_compute (HMAC_CTX *state, const void *message, + int msg_octets, int tag_len, uint8_t *result) + { +- uint32_t hash_value[5]; +- uint32_t H[5]; ++ uint8_t hash_value[SHA1_DIGEST_SIZE]; + int i; ++ unsigned int len; + + /* check tag length, return error if we can't provide the value expected */ +- if (tag_len > HMAC_KEYLEN_MAX) { ++ if (tag_len > SHA1_DIGEST_SIZE) { + return err_status_bad_param; + } + + /* hash message, copy output into H */ +- sha1_update(&state->ctx, message, msg_octets); +- sha1_final(&state->ctx, H); ++ if (HMAC_Update(state, message, msg_octets) == 0) ++ return err_status_auth_fail; + +- /* +- * note that we don't need to debug_print() the input, since the +- * function hmac_update() already did that for us +- */ +- debug_print(mod_hmac, "intermediate state: %s", +- octet_string_hex_string((uint8_t*)H, sizeof(H))); ++ if (HMAC_Final(state, hash_value, &len) == 0) ++ return err_status_auth_fail; + +- /* re-initialize hash context */ +- sha1_init(&state->ctx); ++ if (len < tag_len) ++ return err_status_auth_fail; + +- /* hash opad ^ key */ +- sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad)); +- +- /* hash the result of the inner hash */ +- sha1_update(&state->ctx, (uint8_t*)H, sizeof(H)); +- +- /* the result is returned in the array hash_value[] */ +- sha1_final(&state->ctx, hash_value); +- + /* copy hash_value to *result */ + for (i = 0; i < tag_len; i++) { +- result[i] = ((uint8_t*)hash_value)[i]; ++ result[i] = hash_value[i]; + } + + debug_print(mod_hmac, "output: %s", +- octet_string_hex_string((uint8_t*)hash_value, tag_len)); ++ octet_string_hex_string(hash_value, tag_len)); + + return err_status_ok; + } +@@ -248,7 +189,7 @@ hmac_compute (hmac_ctx_t *state, const void *message, + /* begin test case 0 */ + + uint8_t +- hmac_test_case_0_key[HMAC_KEYLEN_MAX] = { ++ hmac_test_case_0_key[SHA1_DIGEST_SIZE] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b +@@ -260,7 +201,7 @@ uint8_t + }; + + uint8_t +- hmac_test_case_0_tag[HMAC_KEYLEN_MAX] = { ++ hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = { + 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, + 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, + 0xf1, 0x46, 0xbe, 0x00 +--- crypto/include/hmac.h.orig 2017-08-01 11:57:38 UTC ++++ crypto/include/hmac.h +@@ -53,10 +53,6 @@ typedef struct { + uint8_t opad[64]; + sha1_ctx_t ctx; + sha1_ctx_t init_ctx; +-#ifdef OPENSSL +- int ctx_initialized; +- int init_ctx_initialized; +-#endif + } hmac_ctx_t; + + err_status_t Added: head/net/libsrtp/files/patch-02-fb95445 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/libsrtp/files/patch-02-fb95445 Mon Jun 11 08:18:30 2018 (r472170) @@ -0,0 +1,113 @@ +Backport of https://github.com/cisco/libsrtp/commit/fb954450198c832c96b4191fcef3a1b9e2d15d8b + +--- crypto/cipher/aes_icm_ossl.c.orig 2018-06-10 20:33:16 UTC ++++ crypto/cipher/aes_icm_ossl.c +@@ -235,6 +235,8 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c) + */ + err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key, int len) + { ++ const EVP_CIPHER *evp; ++ + /* + * set counter and initial values to 'offset' value, being careful not to + * go past the end of the key buffer +@@ -252,30 +254,35 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx + c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0; + c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0; + +- /* copy key to be used later when CiscoSSL crypto context is created */ +- v128_copy_octet_string((v128_t*)&c->key, key); ++ debug_print(mod_aes_icm, "key: %s", octet_string_hex_string(key, c->key_size)); ++ debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); + +- /* if the key is greater than 16 bytes, copy the second +- * half. Note, we treat AES-192 and AES-256 the same here +- * for simplicity. The storage location receiving the +- * key is statically allocated to handle a full 32 byte key +- * regardless of the cipher in use. +- */ +- if (c->key_size == AES_256_KEYSIZE ++ EVP_CIPHER_CTX_init(&c->ctx); ++ ++ switch (c->key_size) { ++ case AES_256_KEYSIZE: ++ evp = EVP_aes_256_ctr(); ++ break; + #ifndef SRTP_NO_AES192 +- || c->key_size == AES_192_KEYSIZE ++ case AES_192_KEYSIZE: ++ evp = EVP_aes_192_ctr(); ++ break; + #endif +- ) { +- debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s", +- v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); +- v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZE); ++ case AES_128_KEYSIZE: ++ evp = EVP_aes_128_ctr(); ++ break; ++ default: ++ return err_status_bad_param; ++ break; + } + +- debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key)); +- debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); ++ if (!EVP_EncryptInit_ex(&c->ctx, evp, ++ NULL, key, NULL)) { ++ return err_status_fail; ++ } else { ++ return err_status_ok; ++ } + +- EVP_CIPHER_CTX_cleanup(&c->ctx); +- + return err_status_ok; + } + +@@ -286,7 +293,6 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx + */ + err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir) + { +- const EVP_CIPHER *evp; + v128_t nonce; + + /* set nonce (for alignment) */ +@@ -298,25 +304,8 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, + + debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); + +- switch (c->key_size) { +- case AES_256_KEYSIZE: +- evp = EVP_aes_256_ctr(); +- break; +-#ifndef SRTP_NO_AES192 +- case AES_192_KEYSIZE: +- evp = EVP_aes_192_ctr(); +- break; +-#endif +- case AES_128_KEYSIZE: +- evp = EVP_aes_128_ctr(); +- break; +- default: +- return err_status_bad_param; +- break; +- } +- +- if (!EVP_EncryptInit_ex(&c->ctx, evp, +- NULL, c->key.v8, c->counter.v8)) { ++ if (!EVP_EncryptInit_ex(&c->ctx, NULL, ++ NULL, NULL, c->counter.v8)) { + return err_status_fail; + } else { + return err_status_ok; +--- crypto/include/aes_icm_ossl.h.orig 2017-08-01 11:57:38 UTC ++++ crypto/include/aes_icm_ossl.h +@@ -70,7 +70,6 @@ + typedef struct { + v128_t counter; /* holds the counter value */ + v128_t offset; /* initial offset value */ +- v256_t key; + int key_size; + EVP_CIPHER_CTX ctx; + } aes_icm_ctx_t; Added: head/net/libsrtp/files/patch-03-1acba56 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/libsrtp/files/patch-03-1acba56 Mon Jun 11 08:18:30 2018 (r472170) @@ -0,0 +1,83 @@ +Backport of https://github.com/cisco/libsrtp/commit/1acba569915d8124b627a29dd5e3500332618eac + +--- crypto/cipher/aes_gcm_ossl.c.orig 2018-06-10 18:51:02 UTC ++++ crypto/cipher/aes_gcm_ossl.c +@@ -187,22 +187,28 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c) + */ + err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key) + { ++ const EVP_CIPHER *evp; ++ + c->dir = direction_any; + +- /* copy key to be used later when CiscoSSL crypto context is created */ +- v128_copy_octet_string((v128_t*)&c->key, key); ++ debug_print(mod_aes_gcm, "key: %s", octet_string_hex_string(key, c->key_size)); + +- if (c->key_size == AES_256_KEYSIZE) { +- debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s", +- v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); +- v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, +- key + AES_128_KEYSIZE); ++ switch (c->key_size) { ++ case AES_256_KEYSIZE: ++ evp = EVP_aes_256_gcm(); ++ break; ++ case AES_128_KEYSIZE: ++ evp = EVP_aes_128_gcm(); ++ break; ++ default: ++ return (err_status_bad_param); ++ break; + } + +- debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key)); ++ if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, key, NULL, 0)) { ++ return (err_status_init_fail); ++ } + +- EVP_CIPHER_CTX_cleanup(&c->ctx); +- + return (err_status_ok); + } + +@@ -214,8 +220,6 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx + err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv, + int direction) + { +- const EVP_CIPHER *evp; +- + if (direction != direction_encrypt && direction != direction_decrypt) { + return (err_status_bad_param); + } +@@ -223,19 +227,7 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, + + debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv)); + +- switch (c->key_size) { +- case AES_256_KEYSIZE: +- evp = EVP_aes_256_gcm(); +- break; +- case AES_128_KEYSIZE: +- evp = EVP_aes_128_gcm(); +- break; +- default: +- return (err_status_bad_param); +- break; +- } +- +- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8, ++ if (!EVP_CipherInit_ex(&c->ctx, NULL, NULL, NULL, + NULL, (c->dir == direction_encrypt ? 1 : 0))) { + return (err_status_init_fail); + } +--- crypto/include/aes_gcm_ossl.h.orig 2017-08-01 11:57:38 UTC ++++ crypto/include/aes_gcm_ossl.h +@@ -52,7 +52,6 @@ + #include <openssl/aes.h> + + typedef struct { +- v256_t key; + int key_size; + int tag_len; + EVP_CIPHER_CTX ctx; Added: head/net/libsrtp/files/patch-04-0b45423 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/libsrtp/files/patch-04-0b45423 Mon Jun 11 08:18:30 2018 (r472170) @@ -0,0 +1,361 @@ +Backport of https://github.com/cisco/libsrtp/commit/0b45423678ddc46d702f3a51614f20bfbd112ddd + +--- crypto/cipher/aes_gcm_ossl.c.orig 2018-06-11 07:46:09 UTC ++++ crypto/cipher/aes_gcm_ossl.c +@@ -117,6 +117,14 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int + } + memset(gcm, 0x0, sizeof(aes_gcm_ctx_t)); + ++ gcm->ctx = EVP_CIPHER_CTX_new(); ++ if (gcm->ctx == NULL) { ++ crypto_free(gcm); ++ crypto_free(*c); ++ *c = NULL; ++ return err_status_alloc_fail; ++ } ++ + /* set pointers */ + (*c)->state = gcm; + +@@ -140,7 +148,6 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int + + /* set key size */ + (*c)->key_len = key_len; +- EVP_CIPHER_CTX_init(&gcm->ctx); + + return (err_status_ok); + } +@@ -155,7 +162,7 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c) + + ctx = (aes_gcm_ctx_t*)c->state; + if (ctx) { +- EVP_CIPHER_CTX_cleanup(&ctx->ctx); ++ EVP_CIPHER_CTX_free(ctx->ctx); + /* decrement ref_count for the appropriate engine */ + switch (ctx->key_size) { + case AES_256_KEYSIZE: +@@ -205,7 +212,7 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx + break; + } + +- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, key, NULL, 0)) { ++ if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) { + return (err_status_init_fail); + } + +@@ -227,19 +234,19 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, + + debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv)); + +- if (!EVP_CipherInit_ex(&c->ctx, NULL, NULL, NULL, ++ if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL, + NULL, (c->dir == direction_encrypt ? 1 : 0))) { + return (err_status_init_fail); + } + + /* set IV len and the IV value, the followiong 3 calls are required */ +- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { ++ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { + return (err_status_init_fail); + } +- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) { ++ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) { + return (err_status_init_fail); + } +- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) { ++ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) { + return (err_status_init_fail); + } + +@@ -263,9 +270,9 @@ err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c + * Set dummy tag, OpenSSL requires the Tag to be set before + * processing AAD + */ +- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad); ++ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad); + +- rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len); ++ rv = EVP_Cipher(c->ctx, NULL, aad, aad_len); + if (rv != aad_len) { + return (err_status_algo_fail); + } else { +@@ -291,7 +298,7 @@ err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c + /* + * Encrypt the data + */ +- EVP_Cipher(&c->ctx, buf, buf, *enc_len); ++ EVP_Cipher(c->ctx, buf, buf, *enc_len); + + return (err_status_ok); + } +@@ -313,12 +320,12 @@ err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c + /* + * Calculate the tag + */ +- EVP_Cipher(&c->ctx, NULL, NULL, 0); ++ EVP_Cipher(c->ctx, NULL, NULL, 0); + + /* + * Retreive the tag + */ +- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); ++ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); + + /* + * Increase encryption length by desired tag size +@@ -347,14 +354,14 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c + /* + * Set the tag before decrypting + */ +- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, ++ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, + buf + (*enc_len - c->tag_len)); +- EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len); ++ EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len); + + /* + * Check the tag + */ +- if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) { ++ if (EVP_Cipher(c->ctx, NULL, NULL, 0)) { + return (err_status_auth_fail); + } + +--- crypto/cipher/aes_icm_ossl.c.orig 2018-06-11 07:46:00 UTC ++++ crypto/cipher/aes_icm_ossl.c +@@ -144,6 +144,14 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int + } + memset(icm, 0x0, sizeof(aes_icm_ctx_t)); + ++ icm->ctx = EVP_CIPHER_CTX_new(); ++ if (icm->ctx == NULL) { ++ crypto_free(icm); ++ crypto_free(*c); ++ *c = NULL; ++ return err_status_alloc_fail; ++ } ++ + /* set pointers */ + (*c)->state = icm; + +@@ -173,7 +181,6 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int + + /* set key size */ + (*c)->key_len = key_len; +- EVP_CIPHER_CTX_init(&icm->ctx); + + return err_status_ok; + } +@@ -195,7 +202,7 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c) + */ + ctx = (aes_icm_ctx_t*)c->state; + if (ctx != NULL) { +- EVP_CIPHER_CTX_cleanup(&ctx->ctx); ++ EVP_CIPHER_CTX_free(ctx->ctx); + /* decrement ref_count for the appropriate engine */ + switch (ctx->key_size) { + case AES_256_KEYSIZE: +@@ -257,8 +264,6 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx + debug_print(mod_aes_icm, "key: %s", octet_string_hex_string(key, c->key_size)); + debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); + +- EVP_CIPHER_CTX_init(&c->ctx); +- + switch (c->key_size) { + case AES_256_KEYSIZE: + evp = EVP_aes_256_ctr(); +@@ -276,7 +281,7 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx + break; + } + +- if (!EVP_EncryptInit_ex(&c->ctx, evp, ++ if (!EVP_EncryptInit_ex(c->ctx, evp, + NULL, key, NULL)) { + return err_status_fail; + } else { +@@ -304,7 +309,7 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, + + debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); + +- if (!EVP_EncryptInit_ex(&c->ctx, NULL, ++ if (!EVP_EncryptInit_ex(c->ctx, NULL, + NULL, NULL, c->counter.v8)) { + return err_status_fail; + } else { +@@ -326,12 +331,12 @@ err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c + + debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); + +- if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) { ++ if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) { + return err_status_cipher_fail; + } + *enc_len = len; + +- if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) { ++ if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) { + return err_status_cipher_fail; + } + *enc_len += len; +--- crypto/hash/hmac_ossl.c.orig 2018-06-11 07:45:39 UTC ++++ crypto/hash/hmac_ossl.c +@@ -65,8 +65,6 @@ err_status_t + hmac_alloc (auth_t **a, int key_len, int out_len) + { + extern auth_type_t hmac; +- uint8_t *pointer; +- HMAC_CTX *new_hmac_ctx; + + debug_print(mod_hmac, "allocating auth func with key length %d", key_len); + debug_print(mod_hmac, " tag length %d", out_len); +@@ -76,21 +74,43 @@ hmac_alloc (auth_t **a, int key_len, int out_len) + return err_status_bad_param; + } + +- /* allocate memory for auth and HMAC_CTX structures */ +- pointer = (uint8_t*)crypto_alloc(sizeof(HMAC_CTX) + sizeof(auth_t)); +- if (pointer == NULL) { ++/* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated ++ using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ { ++ /* allocate memory for auth and HMAC_CTX structures */ ++ uint8_t* pointer; ++ HMAC_CTX *new_hmac_ctx; ++ pointer = (uint8_t*)crypto_alloc(sizeof(HMAC_CTX) + sizeof(auth_t)); ++ if (pointer == NULL) { ++ return err_status_alloc_fail; ++ } ++ *a = (auth_t*)pointer; ++ (*a)->state = pointer + sizeof(auth_t); ++ new_hmac_ctx = (HMAC_CTX*)((*a)->state); ++ ++ HMAC_CTX_init(new_hmac_ctx); ++ } ++ ++#else ++ *a = (auth_t*)crypto_alloc(sizeof(auth_t)); ++ if (*a == NULL) { + return err_status_alloc_fail; + } *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201806110818.w5B8IUvr098714>