I have read #620 and #464 and tried the solution discussed. I am using openssl-1.1.1s and libsrtp-2.3.0, this is my configure command and output:
./configure --enable-openssl --prefix=/usr/local/libsrtp2_3/ --with-openssl-dir=/usr/local/ssl_1_1_1s/
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking how to run the C preprocessor... gcc -E
checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking for ar... ar
checking the archiver (ar) interface... ar
checking for ranlib... ranlib
checking for a BSD-compatible install... /usr/bin/install -c
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking whether byte ordering is bigendian... no
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking whether gcc accepts -Werror... yes
checking whether gcc accepts -fPIC... yes
checking whether gcc accepts -Wall... yes
checking whether gcc accepts -pedantic... yes
checking whether gcc accepts -Wstrict-prototypes... yes
checking whether gcc accepts -O4... yes
checking whether gcc accepts -fexpensive-optimizations... yes
checking whether gcc accepts -funroll-loops... yes
checking whether gcc accepts -Wno-language-extension-token... no
checking for ANSI C header files... (cached) yes
checking for unistd.h... (cached) yes
checking for byteswap.h... yes
checking for stdint.h... (cached) yes
checking for sys/uio.h... yes
checking for inttypes.h... (cached) yes
checking for sys/types.h... (cached) yes
checking for machine/types.h... no
checking for sys/int_types.h... no
checking for sys/socket.h... yes
checking for netinet/in.h... yes
checking for arpa/inet.h... yes
checking for windows.h... no
checking for int8_t... yes
checking for uint8_t... yes
checking for int16_t... yes
checking for uint16_t... yes
checking for int32_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking size of unsigned long... 8
checking size of unsigned long long... 8
checking for an ANSI C-conforming const... yes
checking for inline... inline
checking for size_t... yes
checking for socket... yes
checking for inet_aton... yes
checking for usleep... yes
checking for sigaction... yes
checking whether to enable debug logging in all modules... no
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking whether to leverage OpenSSL crypto... yes
checking whether to leverage NSS crypto... no
checking for user specified OpenSSL directory... /usr/local/ssl_1_1_1s/
checking for crypto... yes
checking for library containing EVP_EncryptInit... none required
checking for library containing EVP_aes_128_ctr... none required
checking for library containing EVP_aes_128_gcm... none required
checking if OPENSSL_cleanse is broken... no
checking whether to leverage OpenSSL KDF algorithm... no
checking for pcap_create in -lpcap... yes
checking for pcap_create in -lwpcap... no
checking whether to redirect logging to stdout... no
checking wheather to use a file for logging... no
checking for extra C compiler flags... no
configure: creating ./config.status
config.status: creating Makefile
config.status: creating crypto/Makefile
config.status: creating doc/Makefile
config.status: creating fuzzer/Makefile
config.status: creating libsrtp2.pc
config.status: creating crypto/include/config.h
As can be seen in above config log checking for library containing EVP_aes_128_gcm... none required here it is 'none required' instead of 'yes'. Which I suspect the reason for srtp_err_status_bad_param when I call srtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, srtp_profile_aead_aes_128_gcm), based on https://github.com/cisco/libsrtp/blob/main/srtp/srtp.c#L4531-L4538. My same code works for srtp_profile_aes128_cm_sha1_32 and srtp_profile_aes128_cm_sha1_80 srtp_profiles.
I have tried compiling and linking with libsrtp-2.5.0 as well, I see same issue in config log and error when calling the API.
Can anyone please tell me how do I enable GCM srtp profiles in libsrtp? Or if anything extra I need to do to use srtp_profile_aead_aes_128_gcm and srtp_profile_aead_aes_256_gcm that I am missing. Thankyou!
I have read #620 and #464 and tried the solution discussed. I am using
openssl-1.1.1s
andlibsrtp-2.3.0
, this is my configure command and output:As can be seen in above config log
checking for library containing EVP_aes_128_gcm... none required
here it is 'none required' instead of 'yes'. Which I suspect the reason forsrtp_err_status_bad_param
when I callsrtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, srtp_profile_aead_aes_128_gcm)
, based on https://github.com/cisco/libsrtp/blob/main/srtp/srtp.c#L4531-L4538. My same code works forsrtp_profile_aes128_cm_sha1_32
andsrtp_profile_aes128_cm_sha1_80
srtp_profiles. I have tried compiling and linking withlibsrtp-2.5.0
as well, I see same issue in config log and error when calling the API.Can anyone please tell me how do I enable GCM srtp profiles in libsrtp? Or if anything extra I need to do to use
srtp_profile_aead_aes_128_gcm
andsrtp_profile_aead_aes_256_gcm
that I am missing. Thankyou!