1948729 – srtp_init() always returns srtp_err_status_cipher_fail

Bug 1948729 - srtp_init() always returns srtp_err_status_cipher_fail

Summary: srtp_init() always returns srtp_err_status_cipher_fail

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libsrtp
Sub Component:
Version:	34
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Assignee:	Tom "spot" Callaway
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-04-12 20:17 UTC by George Joseph
Modified:	2023-11-01 00:01 UTC (History)
CC List:	3 users (show)
Fixed In Version:	libsrtp-2.3.0-6.fc34
Clone Of:
Environment:
Last Closed:	2021-04-24 20:12:51 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
srtp test program (198 bytes, text/plain) 2021-04-12 20:17 UTC, George Joseph	no flags	Details
Alows building against nss-3.63+ (586 bytes, patch) 2021-04-15 17:40 UTC, George Joseph	no flags	Details \| Diff
View All

Description George Joseph 2021-04-12 20:17:48 UTC

Created attachment 1771431 [details]
srtp test program

Description of problem:

srtp_init() always returns srtp_err_status_cipher_fail

Version-Release number of selected component (if applicable):


2.3.0-5.fc34

How reproducible:

Constant

Steps to Reproduce:
1. Create small test program that calls srtp_init().  Check the return code.
2.
3.

Actual results:

Return code is always srtp_err_status_cipher_fail

Expected results:

Return code is srtp_err_status_ok


Additional info:

libsrtp2 v2.3.0 compiled from source works fine.
Compile attach test program with
gcc -ggdb -o test_srtp -lsrtp2 test_srtp.c

Asterisk issue ID: https://issues.asterisk.org/jira/browse/ASTERISK-29387

Comment 1 George Joseph 2021-04-15 17:40:19 UTC

Created attachment 1772232 [details]
Alows building against nss-3.63+

The issue turns out to be an incompatibility with nss-3.63 shipped with F34.  The attached patch adds NSS_PKCS11_2_0_COMPAT defines to 2 header files to enable the backward compatibility.  The same fix is already in the upstream github repo and is targeted for the next libsrtp release.

Comment 2 Fedora Update System 2021-04-15 18:17:00 UTC

FEDORA-2021-9ac23c1745 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-9ac23c1745

Comment 3 Tom "spot" Callaway 2021-04-15 18:22:37 UTC

Thank you so much for tracking down the fix here!

Comment 4 Fedora Update System 2021-04-15 19:29:23 UTC

FEDORA-2021-9ac23c1745 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-9ac23c1745`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9ac23c1745

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Fedora Update System 2021-04-24 20:12:51 UTC

FEDORA-2021-9ac23c1745 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 6 Trevor Hemsley 2023-11-01 00:01:37 UTC

This bug is also present in RHEL 9.0 - 9.2's libsrtp and teh same patch applied to the source there fixes that too.

Note You need to log in before you can comment on or make changes to this bug.