[Freeswitch-users] Bug in libs/srtp when OpenSSL is used to provide AES-256?

Richard Chan richard at treeboxsolutions.com
Mon Mar 6 01:53:05 MSK 2017


RFC-6188 violation when FreeSWITCH is compiled with libs/srtp to use
OpenSSL?

The cipher_id_type_t is set to AES_256_ICM, (if OpenSSL is NOT used then
the cipher_id_type_t is set to AES_ICM).

This means that in srtp.c: srtp_protect_rtcp() and srtp_unprotect_rtcp()
the wrong code path will be chosen for the ICM nonce and keystream will be
reused on consecutive RTCP packets.

srtp_protect_rtcp() also srtp_unprotect_rtcp():
  /*
   * if we're using rindael counter mode, set nonce and seq
   */
  if (stream->rtcp_cipher->type->id == AES_ICM) {
    v128_t iv;

    iv.v32[0] = 0;


As a result FS 1.6.15 is generating invalid SRTCP packets when AES-256 is
being used (and libs/srtp is compiled to use OpenSSL).

Note: RTP explicitly checks for AES_ICM and AES_256_ICM so it is not
affected. It will be affected if AES-192 is chosen. This is also seems to
be in upstream.



-- 
Richard Chan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170306/eb274b71/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list