Changelog

1.3.20

  Lots of changes.  Thanks to Jeff Chan for catching a memory leak and
  helping track down the endian issues with the SSRCs.

1.3.8

  This is an interim release.  Several little-endian bugs were identified
  and fixed; this means that we can use intel/linux for development again.

  Cleaned up sha1 and hmac code significantly, got rid of some excess
  functions and properly documented the functions in the .h files.

  Eliminated some vestigial files.

  There is a SIGBUS error in the AES encrypt function on sparc
  (observed on both solaris and openbsd) with gcc 2.95.  Was unable to
  find bad pointer anywhere, so I'm wondering if it isn't a compiler
  problem (there's a known problem whose profile it fits).  It doesn't
  appear on any other platform, even in the cipher_driver stress
  tests.

  Planned changes

    Change interface to nonces (xtd_seq_num_t) so that it uses
    network byte ordering, and is consistent with other arguments.

1.3.6

  Changed /dev/random (in configure.in and crypto/rng/rand_source.c) to
  /dev/urandom; the latter is non-blocking on all known platforms (which
  corrects some programs that seem to hang) and is actually present on
  OpenBSD (unlike /dev/random, which only works in the presence of
  hardware supported random number generation).

  Added machine/types.h case in include/integers.h.

1.3.5

  Removing srtp_t::template and stream_clone().

  Adding a new policy structure, which will reflect a complete SRTP
  policy (including SRTCP).

  This version is *incomplete* and will undergo more changes.  It is
  provided only as a basis for discussion.

1.3.4

  Removed tmmh.c and tmmh.h, which implemented version one of TMMH.

  Changed srtp_get_trailer_length() to act on streams rather than
  sessions, and documented the macro SRTP_MAX_TRAILER_LEN, which should
  usually be used rather than that function.

  Removed 'salt' from cipher input.

  Changed rdbx to use err.h error codes.

  Changed malloc() and free() to xalloc() and xfree(); these functions
  are defined in crypto/kernel/alloc.c and declared in
  include/alloc.h.

  Added 'output' functions to cipher, in addition to 'encrypt'
  functions.  It is no longer necessary to zeroize a buffer before
  encrypting in order to get keystream.

  Changed octet_string_hex_string() so that "times two" isn't needed
  in its input.

  Added crypto_kernel_init() prior to command-line parsing, so that
  kernel can be passed command-line arguments, such as "-d
  debug_module".  This was done for the applications
  test/srtp-driver, test/kernel-driver, and test/ust-driver.

  Improved srtp_init_aes_128_prf - wrote key derivation function
  (srtp_kdf_t).

  Add the tag_len as an argument to the auth_compute() function, but
  not the corresponding macro.  This change allows the tag length for
  a given auth func to be set to different values at initialization
  time.  Previously, the structure auth_t contained the
  output_length, but that value was inaccessible from hmac_compute()
  and other functions.

  Re-named files from a-b.c to a_b.c in order to help portability.

  Re-named rijndael to aes (or aes_128 as appropriate).

1.2.1

  Changes so that 1.2.0 compiles on cygwin-win2k.

  Added better error reporting system.  If syslog is present on the
  OS, then it is used.

1.2.0 Many improvements and additions, and a few fixes

  Fixed endian issues in RTP header construction in the function
  rtp_sendto() in srtp/rtp.c.

  Implemented RIJNDAEL decryption operation, adding the functions
  rijndael_decrypt() and rijndael_expand_decryption_key().  Also
  re-named rijndael_expand_key() to rijndael_expand_encryption_key()
  for consistency.

  Implemented random number source using /dev/random, in the files
  crypto/rng/rand_source.c and include/rand_source.h.

  Added index check to SEAL cipher (only values less than 2^32 are
  allowed).

  Added test case for null_auth authentication function.

  Added a timing test which tests the effect of CPU cache thrash on
  cipher throughput.  The test is done by the function
  cipher_test_throughput_array(); the function
  cipher_array_alloc_init() creates an array of ciphers for use in
  this test.  This test can be accessed by using the -a flag to
  the application cipher-driver in the test subdirectory.

  Added argument processing to ust-driver.c, and added that app to
  the 'runtest' target in Makefile.in.

  A minor auth_t API change: last argument of auth_init() eliminated.

1.0.6 A small but important fix

  Fixed srtp_init_aes_128_prf() by adding octet_string_set_to_zero()
  after buffer allocation.

  Eliminated references to no-longer-existing variables in debugging
  code in srtp/srtp.c.  This fixes the compilation failure that
  occurred when using PRINT_DEBUG in that file.

  Corrected spelling of Richard Priestley's name in credits.  Sorry
  Richard!

1.0.5 Many little fixes

  Fixed octet_string_set_to_zero(), which was writing one
  more zero octet than it should.  This bug caused srtp_protect()
  and srtp_unprotect() to overwrite the byte that followed the
  srtp packet.

  Changed sizeof(uint32_t) to srtp_get_trailer_length() in
  srtp-driver.c.  This is just defensive coding.

  Added NULL check to malloc in srtp_alloc().

1.0.4 Many minor fixes and two big ones (thanks for the bug reports!)

  Removed 'ssrc' from the srtp_init_aes_128_prf() function argument
  list.  This is so that applications which do not a priori know the
  ssrc which they will be receiving can still use libsrtp.  Now the
  SSRC value is gleaned from the rtp header and XORed into the
  counter mode offset in the srtp_protect() and srtp_unprotect()
  functions, if that cipher is used.  This change cascaded through
  many other functions, including srtp_init_from_hex(),
  srtp_sender_init() and srtp_receiver_init() in rtp.c, and also
  changing the CLI to test/rtpw.  In the future, another function
  call will be added to the library that enables multiple ssrc/key
  pairs to be installed into the same srtp session, so that libsrtp
  works with multiple srtp senders.  For now, this functionality is
  lacking.

  Removed the GDOI interface to the rtpw demo program.  This will be
  added again at a later date, after the SRTP and GDOI distributions
  stabilize.  For now, I've left in the GDOI #defines and autoconf
  definitions so that they'll be in place when needed.

  Updated tmmhv2_compute() so that it didn't assume any particular
  alignment of the output tag.

  Changed bit field variables in srtp.h to unsigned char from
  unsigned int in order to avoid a potential endianness issue.

  Fixed rdbx_estimate_index() to handle all input cases.  This solves
  the now notorious "abaft" bug in the rtpw demo app on linux/intel,
  in which spurious replay protection failures happen after that word
  is received.

  Added ntohs(hdr->seq) to srtp_protect and srtp_unprotect, removed
  from rijndael_icm_set_segment().

  Added error checking and handling to srtp_sender_init() and
  srtp_receiver_init().

  Changed srtp_alloc() so that it does what you'd expect: allocate an
  srtp_ctx_t structure.  This hides the library internals.

1.0.1 Many minor fixes

  Added cipher_driver_buffer_test(...) to test/cipher-driver.c.  This
  function checks that the byte-buffering functions used by a cipher
  are correct.

  Fixed SunOS/Solaris build problems: added HAVE_SYS_INT_TYPES_H and
  changed index_t to xtd_seq_num_t (see include/rdbx.h).

  Fixed SEAL3.0 output byte buffering, added byte-buffering test to
  cipher/cipher-driver.c.

  Fixed roc-driver so that the non-sequential insertion test
  automatically recovers from bad estimates.  This was required to
  prevent spurious failures.

  Made rdbx_estimate_index(...) function smarter, so that initial RTP
  sequence numbers greater than 32,768 don't cause it to estimate the
  rollover counter of 0xffffffff.

1.0.0 Initial release
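
The rollover-counter estimate behind the rdbx_estimate_index() entries in 1.0.1 and 1.0.4, as an added example that is not libsrtp's own code: it applies the index-guessing rule of RFC 3711 (section 3.3.1) and shows how a first sequence number above 32,768 produces a rollover counter of 0xffffffff unless the start of the stream is handled separately. The function names, the guard and the sample values are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define SEQ_MEDIAN 32768 /* 2^15: half of the 16-bit RTP sequence space */

/* RFC 3711 rule: choose roc-1, roc or roc+1 so the packet index lands
 * closest to the highest index already seen (roc, s_l). */
static uint32_t guess_roc(uint32_t roc, uint16_t s_l, uint16_t seq)
{
    int32_t delta = (int32_t)seq - (int32_t)s_l;

    if (s_l < SEQ_MEDIAN)
        return (delta > SEQ_MEDIAN) ? roc - 1 : roc; /* late, previous cycle */
    return (delta < -SEQ_MEDIAN) ? roc + 1 : roc;    /* wrapped, next cycle */
}

/* Unguarded: with fresh state (index 0) and seq > 32768 the "previous
 * cycle" branch fires and roc - 1 wraps to 0xffffffff. */
static uint64_t estimate_index_naive(uint64_t highest, uint16_t seq)
{
    uint32_t roc = guess_roc((uint32_t)(highest >> 16), (uint16_t)highest, seq);
    return ((uint64_t)roc << 16) | seq;
}

/* Guarded (hypothetical fix for this example): below 2^15 there is no
 * earlier cycle to fall back to, so the index is the sequence number. */
static uint64_t estimate_index(uint64_t highest, uint16_t seq)
{
    if (highest < SEQ_MEDIAN)
        return seq;
    return estimate_index_naive(highest, seq);
}

int main(void)
{
    /* Constructed cases: {highest index seen, incoming sequence number} */
    const uint64_t cases[][2] = { {0, 40000}, {65530, 3}, {65546, 65530} };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("highest=%llu seq=%llu naive=0x%llx guarded=0x%llx\n",
               (unsigned long long)cases[i][0], (unsigned long long)cases[i][1],
               (unsigned long long)estimate_index_naive(cases[i][0], (uint16_t)cases[i][1]),
               (unsigned long long)estimate_index(cases[i][0], (uint16_t)cases[i][1]));
    return 0;
}
```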