diff -up srtp/srtp/srtp.c.CVE20132139 srtp/srtp/srtp.c
--- srtp/srtp/srtp.c.CVE20132139 2013-12-30 11:47:39.477223492 -0500
+++ srtp/srtp/srtp.c 2013-12-30 11:49:44.580162545 -0500
@@ -2045,22 +2045,21 @@ crypto_policy_set_from_profile_for_rtp(c
 switch(profile) {
 case srtp_profile_aes128_cm_sha1_80:
 crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
 break;
 case srtp_profile_aes128_cm_sha1_32:
- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
+ /* We do not honor the 32-bit auth tag request since
+ * this is not compliant with RFC 3711 */
 crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
 break;
 case srtp_profile_null_sha1_80:
 crypto_policy_set_null_cipher_hmac_sha1_80(policy);
- crypto_policy_set_null_cipher_hmac_sha1_80(policy);
 break;
 case srtp_profile_aes256_cm_sha1_80:
 crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
 break;
 case srtp_profile_aes256_cm_sha1_32:
- crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
+ /* We do not honor the 32-bit auth tag request since
+ * this is not compliant with RFC 3711 */
 crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
 break;
 /* the following profiles are not (yet) supported */
@@ -2082,7 +2081,7 @@ crypto_policy_set_from_profile_for_rtcp(
 crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
 break;
 case srtp_profile_aes128_cm_sha1_32:
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
 break;
 case srtp_profile_null_sha1_80:
 crypto_policy_set_null_cipher_hmac_sha1_80(policy);
@@ -2091,7 +2090,7 @@ crypto_policy_set_from_profile_for_rtcp(
 crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
 break;
 case srtp_profile_aes256_cm_sha1_32:
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
 break;
 /* the following profiles are not (yet) supported */
 case srtp_profile_null_sha1_32:
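Review bot: In the first hunk, the two `_sha1_32` cases of crypto_policy_set_from_profile_for_rtp now install only the 80-bit policy, so a caller that negotiated a 32-bit SRTP tag silently gets a 10-byte tag and still receives a success status from what is visible here. The new comment cites RFC 3711, but as far as I know the 80-bit requirement for these `_32` profiles applies to the SRTCP tag, not the SRTP one, so the comment and mapping look like they belong in crypto_policy_set_from_profile_for_rtcp instead; please confirm against the RFC and the upstream fix. If the override really is intended for RTP, the comment should state the caller-visible effect, e.g. `/* 32-bit tag requested; an 80-bit tag is installed instead, so protected packets are 6 bytes longer than the profile implies */`, because callers sizing buffers from the requested profile would otherwise under-allocate. The switch starts inside the function and continues past the hunk, so the return path is not visible.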
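Review bot: The `srtp_profile_aes128_cm_sha1_32` case in crypto_policy_set_from_profile_for_rtcp (second hunk) and the `srtp_profile_aes256_cm_sha1_32` case (third hunk) now select a 32-bit authentication tag for SRTCP, which is weaker than the 80-bit policy these cases used before the change. The DTLS-SRTP definition of SRTP_AES128_CM_HMAC_SHA1_32 keeps the SRTCP tag at 80 bits, so a conforming peer would likely reject these control packets; taken with the first hunk, the RTP and RTCP mappings appear to be swapped. I would keep `crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);` and `crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);` in these two cases and move the "We do not honor the 32-bit auth tag request" comment here. Both hunks sit in the middle of the switch, so the remaining cases and the default are outside what is shown.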