[asterisk-bugs] [JIRA] (ASTERISK-26979) res_rtp_asterisk: SRTP unprotect failed with authentication failure 10 or 110
Joshua Colp (JIRA)
noreply at issues.asterisk.org
Wed May 3 14:08:57 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-26979?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joshua Colp updated ASTERISK-26979:
-----------------------------------
Severity: Major (was: Critical)
> res_rtp_asterisk: SRTP unprotect failed with authentication failure 10 or 110
> -----------------------------------------------------------------------------
>
> Key: ASTERISK-26979
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26979
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_rtp_asterisk, Resources/res_srtp
> Affects Versions: 13.15.0
> Reporter: Javier Riveros
> Attachments: Logs_config_packets_captures.zip
>
>
> As soon as I give it a try to RTCP-MUX in webRTC-land I start getting those warnings.
> I take a look to srtp library and libsrtp error err_status_auth_fail (see crypto/include/err.h, enum err_status_t) for version 1.5.x . It usually means that a wrong key is used to decrypt or a packet is modified after encryption (so computed auth tag doesn't match the one from the packet) normally an "authentication failure".
> So in asterisk looks like this warnning is being fire on 10 packets or 110 pkts
> in res_srtp.c.
> {code}
> if (res != err_status_ok && res != err_status_replay_fail ) {
> if ((srtp->warned >= 10) && !((srtp->warned - 10) % 100)) {
> ast_log(AST_LOG_WARNING, "SRTP unprotect failed with: %s %d\n", srtp_errstr(res), srtp->warned);
> srtp->warned = 11;
> } else {
> srtp->warned++;
> }
> errno = EAGAIN;
> return -1;
> }
> {code}
> Call example.
> ASTERISK (tcp)-> (tcp) SIP-proxy (WS) -> (WS) WebRTC.
> {code}
> call start at : 2017-05-02T17:36:35Z
> - First log (warining)
>
> [2017-05-02 17:37:06.005] WARNING[25712] res_srtp.c: SRTP unprotect failed with: authentication failure 10
> --second log (warining)
> [2017-05-02 17:41:17.601] WARNING[25712] res_srtp.c: SRTP unprotect failed with: authentication failure 110
> --call ends at
> ~2017-05-02T17:42:25Z
> {code}
> asterisk version: 13.15.0
> libsrtp : libsrtp0-dev (1.5.0)
> pjsip: (using pjsip bundle) v2.6
> openssl: 1.0.2g-1ubuntu4.6
> O.S : ubuntu 14.04.1
> Browser: chrome 56,57,58 (windows/linux/mac)
> I will attach the logs, config, packet captures.
> If more info is needed let me know.
> Thanks,
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list