align behavior when using keystream prefix

The keystream prefix needs to be placed in auth tag before the auth is calculated. This was done for all protect / unprotect functions except unprotect_rtcp. Now functionality is aligned.

srtp/srtp.c

@@ -4263,6 +4263,21 @@ srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx,
         return srtp_err_status_cipher_fail;
     }
 
+    /*
+     * if we're authenticating using a universal hash, put the keystream
+     * prefix into the authentication tag
+     */
+    prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth);
+    if (prefix_len) {
+        status =
+            srtp_cipher_output(session_keys->rtcp_cipher, tmp_tag, &prefix_len);
+        debug_print(mod_srtp, "keystream prefix: %s",
+                    srtp_octet_string_hex_string(tmp_tag, prefix_len));
+        if (status) {
+            return srtp_err_status_cipher_fail;
+        }
+    }
+
     /* initialize auth func context */
     status = srtp_auth_start(session_keys->rtcp_auth);
     if (status) {
@@ -4285,21 +4300,6 @@ srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx,
         return srtp_err_status_auth_fail;
     }
 
-    /*
-     * if we're authenticating using a universal hash, put the keystream
-     * prefix into the authentication tag
-     */
-    prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth);
-    if (prefix_len) {
-        status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag,
-                                    &prefix_len);
-        debug_print(mod_srtp, "keystream prefix: %s",
-                    srtp_octet_string_hex_string(auth_tag, prefix_len));
-        if (status) {
-            return srtp_err_status_cipher_fail;
-        }
-    }
-
     /* if we're decrypting, exor keystream into the message */
     if (enc_start) {
         status = srtp_cipher_decrypt(session_keys->rtcp_cipher, enc_start,