SquashSRS4: Add security scan. Feed TWCC before drop PT.

2025-03-09 15:49:59 +00:00 · 2021-03-11 16:55:05 +08:00 · 2021-03-11 16:55:05 +08:00 · 4f1aa924e6
commit 4f1aa924e6
parent e74810230a
3 changed files with 74 additions and 20 deletions
--- a/trunk/auto/depends.sh
+++ b/trunk/auto/depends.sh
@ -552,18 +552,6 @@ fi
 #####################################################################################
 # srtp
 #####################################################################################
-# For openssl-1.1.*, we should disable SRTP ASM, because SRTP only works with openssl-1.0.*
-if [[ $SRS_SRTP_ASM == YES ]]; then
-    echo "  #include <openssl/ssl.h>                              " > ${SRS_OBJS}/_tmp_srtp_asm_detect.c
-    echo "  #if OPENSSL_VERSION_NUMBER >= 0x10100000L // v1.1.x   " >> ${SRS_OBJS}/_tmp_srtp_asm_detect.c
-    echo "  #error \"SRTP only works with openssl-1.0.*\"         " >> ${SRS_OBJS}/_tmp_srtp_asm_detect.c
-    echo "  #endif                                                " >> ${SRS_OBJS}/_tmp_srtp_asm_detect.c
-    ${SRS_TOOL_CC} -c ${SRS_OBJS}/_tmp_srtp_asm_detect.c -I${SRS_OBJS}/openssl/include -o /dev/null >/dev/null 2>&1
-    if [[ $? -ne 0 ]]; then
-        SRS_SRTP_ASM=NO && echo "Warning: Disable SRTP-ASM optimization, please update docker";
-    fi
-    rm -f ${SRS_OBJS}/_tmp_srtp_asm_detect.c
-fi;
 SRTP_CONFIG="echo SRTP without openssl(ASM) optimization" && SRTP_OPTIONS=""
 # If use ASM for SRTP, we enable openssl(with ASM).
 if [[ $SRS_SRTP_ASM == YES ]]; then
--- a/trunk/src/app/srs_app_rtc_conn.cpp
+++ b/trunk/src/app/srs_app_rtc_conn.cpp
@ -1116,14 +1116,6 @@ srs_error_t SrsRtcPublishStream::on_rtp(char* data, int nb_data)
        return err;
    }

-    // If payload type is configed to drop, ignore this packet.
-    if (pt_to_drop_) {
-        uint8_t pt = srs_rtp_fast_parse_pt(data, nb_data);
-        if (pt_to_drop_ == pt) {
-            return err;
-        }
-    }
-
    // Decode the header first.
    if (twcc_id_) {
        // We must parse the TWCC from RTP header before SRTP unprotect, because:
@ -1140,6 +1132,14 @@ srs_error_t SrsRtcPublishStream::on_rtp(char* data, int nb_data)
        }
    }

+    // If payload type is configed to drop, ignore this packet.
+    if (pt_to_drop_) {
+        uint8_t pt = srs_rtp_fast_parse_pt(data, nb_data);
+        if (pt_to_drop_ == pt) {
+            return err;
+        }
+    }
+
    // Decrypt the cipher to plaintext RTP data.
    char* plaintext = data;
    int nb_plaintext = nb_data;