[Freeswitch-users] Bug in libs/srtp when OpenSSL is used to provide AES-256?
Richard Chan
richard at treeboxsolutions.com
Mon Mar 6 01:53:05 MSK 2017
RFC-6188 violation when FreeSWITCH is compiled with libs/srtp to use
OpenSSL?
The cipher_id_type_t is set to AES_256_ICM, (if OpenSSL is NOT used then
the cipher_id_type_t is set to AES_ICM).
This means that in srtp.c: srtp_protect_rtcp() and srtp_unprotect_rtcp()
the wrong code path will be chosen for the ICM nonce and keystream will be
reused on consecutive RTCP packets.
srtp_protect_rtcp() also srtp_unprotect_rtcp():
/*
* if we're using rindael counter mode, set nonce and seq
*/
if (stream->rtcp_cipher->type->id == AES_ICM) {
v128_t iv;
iv.v32[0] = 0;
As a result FS 1.6.15 is generating invalid SRTCP packets when AES-256 is
being used (and libs/srtp is compiled to use OpenSSL).
Note: RTP explicitly checks for AES_ICM and AES_256_ICM so it is not
affected. It will be affected if AES-192 is chosen. This is also seems to
be in upstream.
--
Richard Chan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170306/eb274b71/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list