srtp_policy: add force_zero_roc policy flag #653
Closed
Commits on Aug 30, 2023
-
srtp_policy: add force_zero_roc policy flag
Note that if the ROC is forced to zero, only 2^16 packets can be sent with a given (master or session) key or a severe security weakness is introduced! See Section 3.3.1 of RFC 3711: Each time the RTP sequence number, SEQ, wraps modulo 2^16, the sender side MUST increment ROC by one, modulo 2^32. This patch is added to cover an old and wrong srtp implementation where no authentication (and related to that), no ROC increment was done. So, please don't use it, unless you are for legacy reasons enforced to do so. Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.