[asterisk-bugs] [JIRA] (ASTERISK-27436) rtp openssl errors

Joshua Colp (JIRA) noreply at issues.asterisk.org
Fri Dec 22 08:17:41 CST 2017 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-27436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp updated ASTERISK-27436:
-----------------------------------

    Assignee: Jørgen H  (was: Unassigned)
      Status: Waiting for Feedback  (was: Triage)

We need to see a wireshark capture to see the actual negotiation that is happening and when things are occurring.

As for your question about len that's because we don't actually use it for sending or receiving data. It's strictly used for a DTLS negotiation. The DTLS negotiation itself provides keying information which is fed to SRTP which does the encryption and decryption.

> rtp openssl errors
> ------------------
>
>                 Key: ASTERISK-27436
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27436
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: GIT, 15.1.2
>         Environment: linux 4.9 x64, pjsip 2.7.1, libsrtp 2.1.0, openssl 1.0.2m
>            Reporter: Jørgen H
>            Assignee: Jørgen H
>
> The openssl SSL_read(dtls->ssl) function in __rtp_recvfrom() in file res/res_rtp_asterisk.c fail with errors like 
> error:140FC0F4:SSL routines:dtls1_get_message:unexpected message
> and
> error:140C5042:SSL routines:ssl_undefined_function:called a function you should not call
> The error seem to be caused by multiple calls to SSL_set_connect_state which is placed around in several functions.
> If I comment out the ones in function dtls_set_setup() I dont get the openssl error anymore, but I randomly get calls with silent audio and no new errors. Probably a race condition? Also, the data from the SSL_read()-call isn't processed anywhere because the len-variable isn't used afterwards. Is this supposed to be like that ?
> I also sometimes get
> SRTP unprotect failed on SSRC 2044349143 because of authentication failure 160
> regardless if audio work or not.
> There is a check in function dtls_perform_setup() on SSL_is_init_finished() and a SSL_clear() later. A SSL session doesnt have to be init_finished in order to have a state that needs to be cleared if you want to reuse it, but Im not sure if the code is trying to do that. Also if ssl_shutdown was called, there might be data in the BIO that must be either sent to remote or cleared with BIO_reset().



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list