Support a not in-place api's for protect/unprtect #693
Conversation
|
This PR is set to draft state as it is still a work in progress and can potentially be force updated with breaking changes. |
| { | ||
| srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; | ||
|
|
||
| //#todo, this might need som looking at |
| // nss requires space for tag, currently we assume that ther is space, this | ||
| // should change, the best would be to merge the cipher encrypt and get_tag | ||
| // api | ||
| *dst_len += 16; |
There was a problem hiding this comment.
It would be good if these 16 values were a global const unsigned GCM_Tag_Size = 16; or similar.
| non_null_buf = tagbuf; | ||
| non_null_dst_buf = tagbuf; |
There was a problem hiding this comment.
I do not know why the original code allowed the source buffer to be NULL. But now we have a case where the source buffer could be NULL, but the destination buffer might point to valid memory. It appears this line will cause the output to go into the local tagbuf, even if a valid dst was provided. Is that the wanted effect?
| uint32_t *b; | ||
| const uint32_t *s; | ||
|
|
||
| // check out length if not equal or greater bail! |
There was a problem hiding this comment.
Comment suggests there is a length check, but there isn't.
| { | ||
| /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ | ||
| (void)cv; |
There was a problem hiding this comment.
Curious. Why is this here? Does this prevent the compiler from complaining about unused variables?
| uint8_t *srtp, | ||
| size_t *srtp_len) | ||
| { | ||
| return call_srtp_unprotect2(ctx, srtp, *srtp_len, srtp_len); |
There was a problem hiding this comment.
Why not just have call_srtp_unprotect() do the work of call_srtp_unprotect2()?
pabuhler
force-pushed
the
not-in-place-api
branch
from
7f7a1a0
to
fa42772
Compare
pabuhler
force-pushed
the
not-in-place-api
branch
from
fa42772
to
8b50c31
Compare
A layer to the srtp driver test is added to be able to run the tests both in-place & not-in-place without duplicating the test. The not-in-place functions are currently a minimal implementation using a memcpy.
The protect/unprotect api's can now operate both in-place or not in-place, depending on the requirements of the caller. The length of the out buffer can now be checked to ensure there is sufficient space. Tests are add to verify validation of the output buffer length.
Also update the minimal code example in README.md to reflect the new api.
The protect/unprotect api's can now operate both in-place or not in-place, depending on the requirements of the caller.
The length of the out buffer can now be checked to ensure there is sufficient space.
This addresses #322 "provide an new version of protect function that does not corrupt memory" and #569 "Please add a "non inplace" protect and unprotect API"
srtp_driver has been updated so all existing test can be run either in-place or not in-place.