1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
==== //depot/google3/third_party/libsrtp/README.google#8 - None ====
# action=edit type=text
--- google3/third_party/libsrtp/README.google 2011-02-22 19:05:30.000000000 -0800
+++ google3/third_party/libsrtp/README.google 2011-05-27 17:56:49.000000000 -0700
@@ -21,4 +21,6 @@
- all patches are stored individually in the googlepatches subdirectory
- iOS related changes.
undefine HAVE_BYTESWAP_H in config.h
- Fix debug build compile errors: added static keyword to inline methods and undefined DEBUG before #define DEBUG
\ No newline at end of file
+ Fix debug build compile errors: added static keyword to inline methods and undefined DEBUG before #define DEBUG
+- Fixed a bug related to replay detection when sequence number rolls back
+ arround 0. (Currently contacting libsrtp developers for upstream.)
==== //depot/google3/third_party/libsrtp/crypto/replay/rdbx.c#5 - None ====
# action=edit type=text
--- google3/third_party/libsrtp/crypto/replay/rdbx.c 2010-02-25 06:36:30.000000000 -0800
+++ google3/third_party/libsrtp/crypto/replay/rdbx.c 2011-05-27 17:56:49.000000000 -0700
@@ -145,7 +145,16 @@
if (local_seq < seq_num_median) {
if (s - local_seq > seq_num_median) {
guess_roc = local_roc - 1;
- difference = seq_num_max - s + local_seq;
+ // The return value is the relative difference from local_seq to s.
+ // The original value is negation of its purpose. According to document
+ // http://www.ietf.org/rfc/rfc3711.txt, when this condition is true, the
+ // resulting new index should be (local_roc-1, s). But original logic
+ // will end up positive difference and rdbx_check would pass. Hence after
+ // rdbx_add_index would make local index to be the wrong value because
+ // local index should not be updated in this case. For example, when
+ // local index is (1, 100) and next sequence is 65530, the wrong updated
+ // index would be (1, 205).
+ difference = s - local_seq - seq_num_max;
} else {
guess_roc = local_roc;
difference = s - local_seq;
==== //depot/google3/third_party/libsrtp/test/rdbx_driver.c#5 - None ====
# action=edit type=text
--- google3/third_party/libsrtp/test/rdbx_driver.c 2010-02-25 06:36:30.000000000 -0800
+++ google3/third_party/libsrtp/test/rdbx_driver.c 2011-05-27 17:56:49.000000000 -0700
@@ -226,7 +226,7 @@
* test sequential insertion
*/
printf("\ttesting sequential insertion...");
- for (idx=0; idx < num_trials; idx++) {
+ for (idx=0; idx < (uint32_t)num_trials; idx++) {
status = rdbx_check_add(&rdbx, idx);
if (status)
return status;
@@ -245,7 +245,7 @@
printf("warning: no false positive tests performed\n");
}
printf("\ttesting for false positives...");
- for (idx=0; idx < num_fp_trials; idx++) {
+ for (idx=0; idx < (uint32_t)num_fp_trials; idx++) {
status = rdbx_check_expect_failure(&rdbx, idx);
if (status)
return status;
@@ -269,12 +269,34 @@
ut_init(&utc);
printf("\ttesting non-sequential insertion...");
- for (idx=0; idx < num_trials; idx++) {
+ for (idx=0; idx < (uint32_t)num_trials; idx++) {
ircvd = ut_next_index(&utc);
status = rdbx_check_unordered(&rdbx, ircvd);
if (status)
return status;
}
+ printf("passed\n");
+
+ /*
+ * test a replay condition close to zero.
+ */
+ rdbx_uninit(&rdbx);
+
+ if (rdbx_init(&rdbx, ws) != err_status_ok) {
+ printf("replay_init failed\n");
+ return err_status_init_fail;
+ }
+
+ printf("\ttesting replay close to zero...");
+ status = rdbx_check_add(&rdbx, 1);
+ if (status)
+ return status;
+ status = rdbx_check_expect_failure(&rdbx, 64500);
+ if (status)
+ return status;
+ status = rdbx_check_add(&rdbx, 2);
+ if (status)
+ return status;
printf("passed\n");
rdbx_uninit(&rdbx);
@@ -303,7 +325,7 @@
failures = 0;
timer = clock();
- for(i=0; i < num_trials; i++) {
+ for(i=0; i < (uint32_t)num_trials; i++) {
delta = index_guess(&rdbx.index, &est, i);
@@ -321,4 +343,3 @@
return (double) CLOCKS_PER_SEC * num_trials / timer;
}
-
|
