Closed cameronelliott closed 1 year ago
For example, this is an area of confusion for me, especially since the libsrtp codebase seems to
currently contain warnings about the use of GCM requiring --enable-openssl
. warning link
It seems many or all of these operations did require --enable-openssl
? (in older versions of libsrtp?),
But that no longer seems to be true, as maybe libsrtp was enhanced to contain all these??
aes_cm_192_hmac_sha1_80
aes_cm_192_hmac_sha1_32
aes_cm_192_null_auth
aes_gcm_128_8_auth
aes_gcm_256_8_auth
aes_gcm_128_8_only_auth
aes_gcm_256_8_only_auth
aes_gcm_128_16_auth
aes_gcm_256_16_auth
So, I'm scratching my head wondering, "if all these methods are now included in libsrtp", what is the purpose or function of linking or enabling Openssl?. Thanks
Ok, So I have done some more homework, and I'm back! here is what I have discovered:
Using AES CM protect without ./configure --open-ssl
: will link & work, but is relatively slower (~~10x slower)
Using AES CM protect with ./configure --open-ssl
: will link & work, but is relatively faster (~~10x faster)
Using AES GCM protect without ./configure --open-ssl
: will link, but fail at srtp_create(&session, &policy)
Using AES GCM protect with ./configure --open-ssl
: will link & and work
I haven't really explored the 192 bit options.
Please feel free to close this issue.
Will follow up on this and update ReadMe next week
Have add some comments, probably could do more, input welcome.
Update:
I didn't really understand how
./configure --open-ssl
affected both AES CM and AES GM behavior. I did some testing/benchmarking I summarized my learning in a comment future down: https://github.com/cisco/libsrtp/issues/620#issuecomment-1331439669Maybe I overlooked the docs explaining how
./configure --open-ssl
affects the library performance/support, but if not, I could offer to update/PR the Readme, or create a new .md that explains a little about./configure --open-ssl
in relation to both AES-CM, and AES-GM.Thanks!! Cameron
----- old text: poor, incorrect understanding of
./configure --open-ssl
-----Would @pabuhler or another contributor consider writing a summary of how and when Openssl is needed or used with libsrtp?
It seems like it might have been needed for AES GCM, for example: warning about AES GCM
But it seems it is not required these days for AES GCM, I believe I have done some GCM testing using
libsrtp
without openssl.I think the openssl flag would be clearer to outsiders if we had two things:
--enable-openssl
flag.--enable-openssl
flag. (for example, my testing/timing indicates AES GCM can be done both internally in libsrtp, or using openssl)If we had a short writeup, it would be great to have it linked from the Readme or even inside the Readme.
I don't know enough to write this up, but let me know if I could help somehow. Maybe a review or comments.