[asterisk-bugs] [Asterisk 0018674]: [patch] Unable to choose which SRTP suite to offer
Asterisk Bug Tracker
noreply at bugs.digium.com
Fri Feb 4 09:40:29 CST 2011
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=18674
======================================================================
Reported By: bbeers
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 18674
Category: Channels/chan_sip/SRTP
Reproducibility: always
Severity: minor
Priority: normal
Status: feedback
Asterisk Version: SVN
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!): 303637
Request Review:
======================================================================
Date Submitted: 2011-01-25 09:56 CST
Last Modified: 2011-02-04 09:40 CST
======================================================================
Summary: [patch] Unable to choose which SRTP suite to offer
Description:
Setting encryption=yes in sip.conf will cause asterisk to
generate a line in SIP INVITE SDP:
a=crypto: AES_CM_128_HMAC_SHA1_80 ...
There is no way to specify that asterisk should offer
AES_CM_128_HMAC_SHA1_32 instead of
AES_CM_128_HMAC_SHA1_80.
======================================================================
----------------------------------------------------------------------
(0131501) bbeers (reporter) - 2011-02-04 09:40
https://issues.asterisk.org/view.php?id=18674#c131501
----------------------------------------------------------------------
kapo: Your results are using 05.patch?
What do you set encryption= in sip.conf?
( 5 options: no entry, yes|no|aes_80|aes_32 )
How is this result different from unpatched 1.8.2.3?
( 3 options: no entry, yes|no )
Can you show the asterisk trace, where Cisco INVITE SDP
is parsed and SRTP_CRYPTO_SUITE flag buts are set?
I think 05.patch should work for you if you set encryption=aes_32.
Since Cisco INVITE has both, but Asterisk only uses the first
a=crypto: line it sees (which in this case is _32), you could
get by with a single line patch to force Asterisk to use aes_32.
If you like, try applying just this, in channels/sip/sdp_crypto.c:
int sdp_crypto_offer(struct sdp_crypto *p)
{
char crypto_buf[128];
- const char *crypto_suite = "AES_CM_128_HMAC_SHA1_80"; /* Crypto
offer */
+ const char *crypto_suite = "AES_CM_128_HMAC_SHA1_32"; /* Crypto
offer */
if (p->a_crypto) {
ast_free(p->a_crypto);
It worked for me, but now you can't do aes_80 at all.
c1nco & gilles: Any luck with 05.patch?
Issue History
Date Modified Username Field Change
======================================================================
2011-02-04 09:40 bbeers Note Added: 0131501
======================================================================
More information about the asterisk-bugs
mailing list