New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support a not in-place api's for protect/unprtect #693
base: main
Are you sure you want to change the base?
Conversation
This PR is set to draft state as it is still a work in progress and can potentially be force updated with breaking changes. |
{ | ||
srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; | ||
|
||
//#todo, this might need som looking at |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo: som
// nss requires space for tag, currently we assume that ther is space, this | ||
// should change, the best would be to merge the cipher encrypt and get_tag | ||
// api | ||
*dst_len += 16; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be good if these 16 values were a global const unsigned GCM_Tag_Size = 16;
or similar.
non_null_buf = tagbuf; | ||
non_null_dst_buf = tagbuf; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not know why the original code allowed the source buffer to be NULL
. But now we have a case where the source buffer could be NULL
, but the destination buffer might point to valid memory. It appears this line will cause the output to go into the local tagbuf
, even if a valid dst
was provided. Is that the wanted effect?
uint32_t *b; | ||
const uint32_t *s; | ||
|
||
// check out length if not equal or greater bail! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comment suggests there is a length check, but there isn't.
{ | ||
/* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ | ||
(void)cv; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Curious. Why is this here? Does this prevent the compiler from complaining about unused variables?
uint8_t *srtp, | ||
size_t *srtp_len) | ||
{ | ||
return call_srtp_unprotect2(ctx, srtp, *srtp_len, srtp_len); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not just have call_srtp_unprotect()
do the work of call_srtp_unprotect2()
?
7f7a1a0
to
fa42772
Compare
fa42772
to
8b50c31
Compare
A layer to the srtp driver test is added to be able to run the tests both in-place & not-in-place without duplicating the test. The not-in-place functions are currently a minimal implementation using a memcpy.
The protect/unprotect api's can now operate both in-place or not in-place, depending on the requirements of the caller. The length of the out buffer can now be checked to ensure there is sufficient space. Tests are add to verify validation of the output buffer length.
Also update the minimal code example in README.md to reflect the new api.
The protect/unprotect api's can now operate both in-place or not in-place, depending on the requirements of the caller.
The length of the out buffer can now be checked to ensure there is sufficient space.
This addresses #322 "provide an new version of protect function that does not corrupt memory" and #569 "Please add a "non inplace" protect and unprotect API"
srtp_driver has been updated so all existing test can be run either in-place or not in-place.