1. 12 Mar, 2018 1 commit
  2. 07 Mar, 2018 1 commit
    • Martin Vopatek's avatar
      Fix unprotect when pktlen < (2*mki_size + tag_len) · ca8e9a58
      Martin Vopatek authored
      The condition mki_start_location >= *mki_size in
      srtp_get_session_keys() should use base_mki_start_location.
      Now the condition is false for packets < 2*mki_size + tag_len.
      But as of commit d4bd43c9 the correct condition is now checked
      earlier so we simply remove the expression altogether.
      ca8e9a58
  3. 09 Feb, 2018 4 commits
    • Pascal Buhler's avatar
      Validate mki index when looking up keys · c995df45
      Pascal Buhler authored
      If the mki index is not valid then a NULL session
      key should be returned not just defaulting to first.
      This allows the protect functions to return
      with error bad mki.
      c995df45
    • Pascal Buhler's avatar
      Ensure returned trailer length is sufficient · 55626f32
      Pascal Buhler authored
      The srtp_get_protect_trailer_length needs to ensure
      that the returned value is large enough for any of
      the streams in the session.
      
      When a session is initialized with multiple polices
      it is possible to have different tag lengths for each
      policy. This function provides no way to specify which
      policy to use, so for now loop over all and find largest.
      
      The current function now has limited use so suggest to make
      two functions, one that takes ssrc or packet header so
      correct stream can be used, second function that takes a
      policy.
      
      # Conflicts:
      #	srtp/srtp.c
      55626f32
    • Pascal Buhler's avatar
      Remove needless check of session_keys · 253ac269
      Pascal Buhler authored
      The session_keys array is not shared with the
      template so if it was allocated just free it.
      253ac269
    • Pascal Buhler's avatar
      Prevent OOB access of stream_template->session_keys · 9546e959
      Pascal Buhler authored
      The template may not have been used for the deallocated
      stream, therefore the size of the session_keys array
      could be different.
      
      Should maybe contain a pointer to template from stream
      so it is explicitly known that it was used.
      9546e959
  4. 07 Feb, 2018 2 commits
    • Pascal Buhler's avatar
      remove srtp_stream_free use srtp_stream_dealloc instead · 8ec13a7e
      Pascal Buhler authored
      logic in srtp_stream_free was not correct and could result
      in memory access errors, srtp_stream_dealloc can safely be used
      instead and is "more" correct.
      8ec13a7e
    • marcus's avatar
      Fix memory access issue in srtp_get_session_keys() · d4bd43c9
      marcus authored
      Issue:
      In srtp_get_session_keys(), when packet size (*pkt_octet_len) is
      greater than auth tag length but smaller than (auth tag length + MKI
      size), mki_start_location would take on incredible huge values,
      leading to memory access issue when calling memcmp() on iOS platform.
      
      Fix:
      Add additional sanity check before calculating mki_start_location.
      d4bd43c9
  5. 26 Jan, 2018 2 commits
  6. 14 Nov, 2017 1 commit
  7. 12 Nov, 2017 2 commits
  8. 12 Oct, 2017 1 commit
  9. 29 Sep, 2017 1 commit
  10. 27 Sep, 2017 1 commit
    • Pascal Bühler's avatar
      Ensure stream is freed if cloning fails · 7eaf9f7c
      Pascal Bühler authored
      srtp_stream_ctx_t is a complex struct, so once it has been
      been allocated with srtp_crypto_alloc and at least partially
      initialized it should always be freed with srtp_stream_free.
      For this to work the struct needs to be initialized to 0.
      
      Found in coverity.
      7eaf9f7c
  11. 26 Sep, 2017 1 commit
  12. 07 Jul, 2017 1 commit
  13. 07 Jun, 2017 1 commit
  14. 29 May, 2017 1 commit
    • Ulf Olsson's avatar
      srtp.c: Save the ROC and sequence number before usage · c42b5354
      Ulf Olsson authored
      The ROC and the sequence number to set must be calculated
      before the estimated index is used otherwise the packets
      following the first one can't be decoded/authenticated
      
      Change-Id: Ib2950b37771d39607fdead33d32245fa08fb0ab1
      c42b5354
  15. 14 May, 2017 1 commit
    • Geir Istad's avatar
      srtp.c/srtp_priv.h: Fix for big endian machines · c07609cf
      Geir Istad authored
      srtp.h was included in srtp.c before config.h was included. As a result
      of this the WORDS_BIGENDIAN define was not set, and srtp_hdr_t would be
      defined as per little endian implementation in srtp.c
      
      This is a fix for issue 229 for big endian machines.
      c07609cf
  16. 26 Apr, 2017 2 commits
  17. 25 Apr, 2017 1 commit
  18. 19 Apr, 2017 1 commit
  19. 12 Apr, 2017 1 commit
  20. 06 Apr, 2017 1 commit
    • Ulf Olsson's avatar
      Code refactoring · bb2adb0e
      Ulf Olsson authored
      After some discussions we decided to use the implementation
      in the 2_0_0_ekt_dev branch as a starting point
      bb2adb0e
  21. 03 Apr, 2017 1 commit
  22. 31 Mar, 2017 2 commits
  23. 30 Mar, 2017 1 commit
  24. 27 Mar, 2017 1 commit
    • Geir Istad's avatar
      Bump copyright year · 445c1c94
      Geir Istad authored
      test_srtp.c had incorrect year (copy paste), updated to current year.
      445c1c94
  25. 22 Mar, 2017 1 commit
  26. 21 Mar, 2017 4 commits
  27. 13 Mar, 2017 3 commits