[Freeswitch-users] Bug in libs/srtp when OpenSSL is used to provide AES-256?

Michael Jerris mike at jerris.com
Mon Mar 6 03:41:50 MSK 2017


Bugs get filed at https://feeeswitch.org/jira

If this is an issue in upstream libsrtp please file it to them as well.
I'm going to be updating libsrtp soon so we should address this as soon as
possible so they have a chance to get a new libsrtp release out with the
fix.

On Sun, Mar 5, 2017 at 3:56 PM Richard Chan <richard at treeboxsolutions.com>
wrote:

> RFC-6188 violation when FreeSWITCH is compiled with libs/srtp to use
> OpenSSL?
>
> The cipher_id_type_t is set to AES_256_ICM, (if OpenSSL is NOT used then
> the cipher_id_type_t is set to AES_ICM).
>
> This means that in srtp.c: srtp_protect_rtcp() and srtp_unprotect_rtcp()
> the wrong code path will be chosen for the ICM nonce and keystream will be
> reused on consecutive RTCP packets.
>
> srtp_protect_rtcp() also srtp_unprotect_rtcp():
>   /*
>    * if we're using rindael counter mode, set nonce and seq
>    */
>   if (stream->rtcp_cipher->type->id == AES_ICM) {
>     v128_t iv;
>
>     iv.v32[0] = 0;
>
>
> As a result FS 1.6.15 is generating invalid SRTCP packets when AES-256 is
> being used (and libs/srtp is compiled to use OpenSSL).
>
> Note: RTP explicitly checks for AES_ICM and AES_256_ICM so it is not
> affected. It will be affected if AES-192 is chosen. This also seems to
> be in upstream.
>
>
>
> --
> Richard Chan
>
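The effect described in the quoted report, as an added C example that is not libsrtp or FreeSWITCH code: the quoted `id == AES_ICM` check beside a hypothetical check that covers every ICM variant. The enum values, the toy xorshift keystream (not AES), the sample payloads and the fixed IV on the non-nonce path are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Cipher ids named as in the post; the numeric values are constructed. */
typedef enum { NULL_CIPHER, AES_ICM, AES_192_ICM, AES_256_ICM } cipher_id_t;
typedef int (*nonce_check_t)(cipher_id_t);

/* The check quoted in the post: only AES_ICM takes the ICM nonce path. */
static int check_as_posted(cipher_id_t id) { return id == AES_ICM; }

/* Hypothetical corrected check: every ICM variant takes the nonce path. */
static int check_all_icm(cipher_id_t id) {
  return id == AES_ICM || id == AES_192_ICM || id == AES_256_ICM;
}

/* Toy keystream (xorshift32, NOT AES) standing in for counter mode:
   the same key and IV always give the same bytes. */
static void keystream(uint32_t key, uint32_t iv, uint8_t *out, size_t n) {
  uint32_t x = (key ^ (iv * 2654435761u)) | 1u;  /* never a zero state */
  for (size_t i = 0; i < n; i++) {
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    out[i] = (uint8_t)x;
  }
}

/* Per-packet IV on the nonce path; the other path is modelled (assumption)
   as an IV that does not change between packets. */
static uint32_t pick_iv(nonce_check_t check, cipher_id_t id,
                        uint32_t ssrc, uint32_t index) {
  return check(id) ? (ssrc ^ (index << 16)) : 0;
}

/* Encrypt two constructed SRTCP payloads with consecutive indexes.
   Returns 1 when c1 ^ c2 == p1 ^ p2, i.e. both used the same keystream. */
static int keystream_reused(nonce_check_t check, cipher_id_t id) {
  const uint8_t p1[] = "RTCP-SR1", p2[] = "RTCP-RR2";
  uint8_t k1[8], k2[8];
  keystream(0xC0FFEE11u, pick_iv(check, id, 0x1234u, 1), k1, 8);
  keystream(0xC0FFEE11u, pick_iv(check, id, 0x1234u, 2), k2, 8);
  for (size_t i = 0; i < 8; i++) {
    uint8_t c1 = p1[i] ^ k1[i], c2 = p2[i] ^ k2[i];
    if ((c1 ^ c2) != (p1[i] ^ p2[i])) return 0;
  }
  return 1;
}

int main(void) {
  printf("as posted: %d, all ICM: %d\n",
         keystream_reused(check_as_posted, AES_256_ICM),
         keystream_reused(check_all_icm, AES_256_ICM));
  return 0;
}
```

When the keystream is shared, the XOR of the two ciphertexts equals the XOR of the two plaintexts, which is why a per-packet nonce is required for every counter-mode key size.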

