[libsrtp] Soliciting feedback on new AES-GCM related bug found in libSRTP 1.5.4 & 2.0.0

Pascal Buhler (pabuhler) pabuhler at cisco.com
Thu Feb 23 07:30:16 EST 2017


The following bug was recently reported on github https://github.com/cisco/libsrtp/issues/256, this bug relates to AES-GCM on little-endian system.
Fixing this bug will cause some backward compatibility issues with existing libSRTP version, but not fixing is not really an option due to interop issues with other AES-GCM implementations as well as it being a potential security problem.
Current plan is to fix as part of the upcoming 2.1.0 release and then simultaneously create patch release for 1.5.x.
If this bug affects your usage of libSRTP and you would like to discuss how a fix is released then please reply to this mail at libsrtp at lists.packetizer.com<mailto:libsrtp at lists.packetizer.com> or else comment directly on the github issue.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.packetizer.com/pipermail/libsrtp/attachments/20170223/82a4ebcf/attachment.html>

More information about the libsrtp mailing list