libsrtp: Enable AES-GCM and AES-NI #763
Comments
|
Thanks for bringing this up Alexander. It certainly sounds interesting and worthwhile. I'll look into it when I have some spare time.
|
micmac1
added a commit
to micmac1/telephony
that referenced
this issue
Apr 30, 2022
Use OpenSSL instead of the internal crypto backend. Everything in
OpenWrt that links to libsrtp2 depends on OpenSSL anyway.
Upsides:
- the libsrtp2 package size shrinks a bit (for example from 35 to 24
KiB on ath79)
- allows to use more cipher suites
- may allow for hardware acceleration
Closes openwrt#763
Signed-off-by: Sebastian Kemper <[email protected]>
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
libSRTP comes with a build-in crypto backend. That is deprecated for several years already. However, the script configure did not change. The libSRTP supports several external crypto backend by now (NSS, mbed TLS, …), but OpenSSL is the one maintained by its core developers, see cisco/libsrtp#579 for details. Those enable beside the existing AES-CBC also AES-GCM as crypto suites. And leverage AES-NI as a side-effect.
I do not have a full blow toolchain running right now, because I come from a down-down-down-stream project. Therefore, I cannot provide a complete Pull Request. However, I think a
CONFIGURE_ARGS += --enable-opensslin the Makefile does the trick for OpenWrt. Digium Asterisk and Teluu PJProject are well tested in that scenario—in PJProject, this the default with its internal libSRTP (seeSRTP_OTHER_CFLAGS)—and therefore should not raise any unknown issues.The text was updated successfully, but these errors were encountered: