Changelog 1.3.20 Lots of changes. Thanks to Jeff Chan for catching a memory leak and helping track down the endian issues with the SSRCs. 1.3.8 This is an interim release. Several little-endian bugs were identified and fixed; this means that we can use intel/linux for development again. Cleaned up sha1 and hmac code significantly, got rid of some excess functions and properly documented the fuctions in the .h files. Eliminated some vestigial files. There is a SIGBUS error in the AES encrypt function on sparc (observed on both solaris and openbsd) with gcc 2.95. Was unable to find bad pointer anywhere, so I'm wondering if it isn't a compiler problem (there's a known problem whose profile it fits). It doesn't appear on any other platform, even in the cipher_driver stress tests. Planned changes Change interface to nonces (xtd_seq_num_t) so that it uses network byte ordering, and is consistent with other arguments. 1.3.6 Changed /dev/random (in configure.in and crypto/rng/rand_source.c) to /dev/urandom; the latter is non-blocking on all known platforms (which corrects some programs that seem to hang) and is actually present on Open BSD (unlike /dev/random, which only works in the presence of hardware supported random number generation). Added machine/types.h case in include/integers.h. 1.3.5 Removing srtp_t::template and stream_clone(). Adding a new policy structure, which will reflect a complete SRTP policy (including SRTCP). This version is *incomplete* and will undergo more changes. It is provided only as a basis for discussion. 1.3.4 Removed tmmh.c and tmmh.h, which implemented version one of TMMH. Changed srtp_get_trailer_length() to act on streams rather than sessions, and documented the macro SRTP_MAX_TRAILER_LEN, which should usually be used rather than that function. Removed 'salt' from cipher input. Changed rdbx to use err.h error codes. Changed malloc() and free() to xalloc() and xfree; these functions are defined in crypto/kernel/alloc.c and declared in include/alloc.h. Added 'output' functions to cipher, in addition to 'encrypt' functions. It is no longer necessary to zeroize a buffer before encrypting in order to get keystream. Changed octet_string_hex_string() so that "times two" isn't needed in its input. Added crypto_kernel_init() prior to command-line parsing, so that kernel can be passed command-line arguments, such as "-d debug_module". This was done to for the applications test/srtp-driver, test/kernel-driver, and test/ust-driver. Improved srtp_init_aes_128_prf - wrote key derivation function (srtp_kdf_t). Add the tag_len as an argument to the auth_compute() function, but not the corresponding macro. This change allows the tag length for a given auth func to be set to different values at initialization time. Previously, the structure auth_t contained the output_length, but that value was inaccessible from hmac_compute() and other functions. Re-named files from a-b.c to a_b.c. in order to help portability. Re-named rijndael to aes (or aes_128 as appropriate). 1.2.1 Changes so that 1.2.0 compiles on cygwin-win2k. Added better error reporting system. If syslog is present on the OS, then it is used. 1.2.0 Many improvements and additions, and a fex fixes Fixed endian issues in RTP header construction in the function rtp_sendto() in srtp/rtp.c. Implemented RIJNDAEL decryption operation, adding the functions rijndael_decrypt() and rijndael_expand_decryption_key(). Also re-named rijndael_expand_key() to rijndael_expand_encryption_key() for consistency. Implemented random number source using /dev/random, in the files crypto/rng/rand_source.c and include/rand_source.h. Added index check to SEAL cipher (only values less than 2^32 are allowed) Added test case for null_auth authentication function. Added a timing test which tests the effect of CPU cache thrash on cipher throughput. The test is done by the function cipher_test_throughput_array(); the function cipher_array_alloc_init() creates an array of ciphers for use in this test. This test can be accessed by using the -a flag to the application cipher-driver in the test subdirectory. Added argument processing to ust-driver.c, and added that app to the 'runtest' target in Makefile.in. A minor auth_t API change: last argument of auth_init() eliminated. 1.0.6 A small but important fix Fixed srtp_init_aes_128_prf() by adding octet_string_set_to_zero() after buffer allocation. Eliminated references to no-longer-existing variables in debugging code in srtp/srtp.c. This fixes the compilation failure that occured when using PRINT_DEBUG in that file. Corrected spelling of Richard Priestley's name in credits. Sorry Richard! 1.0.5 Many little fixes Fixed octet_string_set_to_zero(), which was writing one more zero octet than it should. This bug caused srtp_protect() and srtp_unprotect() to overwrite the byte that followed the srtp packet. Changed sizeof(uint32_t) to srtp_get_trailer_length() in srtp-driver.c. This is just defensive coding. Added NULL check to malloc in srtp_alloc(). 1.0.4 Many minor fixes and two big ones (thanks for the bug reports!) Removed 'ssrc' from the srtp_init_aes_128_prf() function argument list. This is so that applications which do not a priori know the ssrc which they will be receiving can still use libsrtp. Now the SSRC value is gleaned from the rtp header and exored into the counter mode offset in the srtp_protect() and srtp_unprotect() functions, if that cipher is used. This change cascaed through many other functions, including srtp_init_from_hex(), srtp_sender_init() and srtp_receiver_init() in rtp.c, and also changing the CLI to test/rtpw. In the future, another function call will be added to the library that enables multiple ssrc/key pairs to be installed into the same srtp session, so that libsrtp works with multiple srtp senders. For now, this functionality is lacking. Removed the GDOI interface to the rtpw demo program. This will be added again at a later date, after the SRTP and GDOI distributions stabilize. For now, I've left in the GDOI #defines and autoconf definitions so that they'll be in place when needed. Updated tmmhv2_compute() so that it didn't assume any particular alginment of the output tag. Changed bit field variables in srtp.h to unsigned char from unsigned int in order to avoid a potential endianness issue. Fixed rdbx_estimate_index() to handle all input cases. This solves the now notorious "abaft" bug in the rtpw demo app on linux/intel, in which spurious replay protection failures happen after that word is received. Added ntohs(hdr->seq) to srtp_protect and srtp_unprotect, removed from rijndael_icm_set_segment(). Added error checking and handling to srtp_sender_init() and srtp_receiver_init(). Changed srtp_alloc() so that it does what you'd expect: allocate an srtp_ctx_t structure. This hides the library internals. 1.0.1 Many minor fixes Added cipher_driver_buffer_test(...) to test/cipher-driver.c. This function checks that the byte-buffering functions used by a cipher are correct. Fixed SunOS/Solaris build problems: added HAVE_SYS_INT_TYPES_H and changed index_t to xtd_seq_num_t (see include/rdbx.h). Fixed SEAL3.0 output byte buffering, added byte-buffering test to cipher/cipher-driver.c. Fixed roc-driver so that the non-sequential insertion test automatically recovers from bad estimates. This was required to prevent spurious failures. Made rdbx_estimate_index(...) function smarter, so that initial RTP sequence numbers greater than 32,768 don't cause it to estimate the rollover counter of 0xffffffff. 1.0.0 Initial release