<div dir="ltr"><div>RFC-6188 violation when FreeSWITCH is compiled with libs/srtp to use OpenSSL?</div><div><br></div><div>The cipher_id_type_t is set to AES_256_ICM (if OpenSSL is NOT used, then the cipher_id_type_t is set to AES_ICM).<br></div><div><br></div><div>This means that in srtp.c: srtp_protect_rtcp() and srtp_unprotect_rtcp() the wrong code path will be chosen for the ICM nonce and keystream will be reused on consecutive RTCP packets.</div><div><br></div><div>srtp_protect_rtcp() also srtp_unprotect_rtcp():</div><div><div> /* </div><div> * if we're using rindael counter mode, set nonce and seq </div><div> */</div><div> if (stream->rtcp_cipher->type->id == AES_ICM) {</div><div> v128_t iv;</div><div> </div><div> iv.v32[0] = 0;</div></div><div><br></div><div><br></div><div>As a result, FS 1.6.15 is generating invalid SRTCP packets when AES-256 is being used (and libs/srtp is compiled to use OpenSSL).</div><div><br></div><div>Note: RTP explicitly checks for AES_ICM and AES_256_ICM so it is not affected. It will be affected if AES-192 is chosen. This also seems to be in upstream.</div><div><br></div><div><br></div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><font color="#000000" face="Droid Sans"><span style="font-size:15px">Richard Chan</span></font></div><div dir="ltr"><br></div></div></div></div>
</div>
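The check described in the message above, as an added example that is not part of the original post and is not libsrtp or FreeSWITCH code: it contrasts an exact-match cipher id test with a test covering every AES counter-mode key size, and builds the SRTCP counter-mode IV as RFC 3711 section 4.1.1 defines it. The `EX_*` enum names and values, the function names, and the salt are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed ids for illustration; not libsrtp's actual enum values. */
enum ex_cipher_id { EX_NULL_CIPHER = 0, EX_AES_ICM, EX_AES_192_ICM, EX_AES_256_ICM };

/* Exact-match test of the kind quoted in the post: true for one id only. */
static int exact_match_is_icm(int id) { return id == EX_AES_ICM; }

/* Family test: every AES counter-mode key size needs the ICM nonce. */
static int family_is_icm(int id)
{
    return id == EX_AES_ICM || id == EX_AES_192_ICM || id == EX_AES_256_ICM;
}

/* RFC 3711 section 4.1.1: IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16),
 * with i the SRTCP index. The low 16 bits stay zero and act as the block
 * counter inside one packet. */
static void srtcp_icm_iv(uint8_t iv[16], const uint8_t salt[14],
                         uint32_t ssrc, uint32_t index)
{
    memset(iv, 0, 16);
    for (int k = 0; k < 4; k++) {
        iv[4 + k]  = (uint8_t)(ssrc  >> (24 - 8 * k)); /* bits 64..95 */
        iv[10 + k] = (uint8_t)(index >> (24 - 8 * k)); /* bits 16..47 */
    }
    for (int k = 0; k < 14; k++)
        iv[k] ^= salt[k];                              /* 112-bit salt */
}

/* Returns 1 when two consecutive SRTCP indexes give different IVs. */
static int consecutive_ivs_differ(uint32_t ssrc, uint32_t index)
{
    static const uint8_t salt[14] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6,
                                      0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd };
    uint8_t a[16], b[16];
    srtcp_icm_iv(a, salt, ssrc, index);
    srtcp_icm_iv(b, salt, ssrc, index + 1);
    return memcmp(a, b, 16) != 0;
}

int main(void)
{
    printf("exact match, AES-256: %d\n", exact_match_is_icm(EX_AES_256_ICM));
    printf("family test, AES-256: %d\n", family_is_icm(EX_AES_256_ICM));
    printf("IVs differ per index: %d\n", consecutive_ivs_differ(0xcafebabeu, 1));
    return 0;
}
```

With the exact-match test, an AES-256 stream never reaches the IV construction; with the family test it does, and each SRTCP index yields a distinct IV.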