[asterisk-bugs] [JIRA] (ASTERISK-26979) res_rtp_asterisk: SRTP unprotect failed with authentication failure 10 or 110

Friendly Automation (JIRA) noreply at issues.asterisk.org
Wed May 24 11:13:57 CDT 2017


    [ https://issues.asterisk.org/jira/browse/ASTERISK-26979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=237136#comment-237136 ] 

Friendly Automation commented on ASTERISK-26979:
------------------------------------------------

Change 5677 merged by Jenkins2:
res_rtp_asterisk: rtcp mux using the wrong srtp unprotecting algorithm

[https://gerrit.asterisk.org/5677|https://gerrit.asterisk.org/5677]

> res_rtp_asterisk: SRTP unprotect failed with authentication failure 10 or 110
> -----------------------------------------------------------------------------
>
>                 Key: ASTERISK-26979
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26979
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk, Resources/res_srtp
>    Affects Versions: 13.15.0
>            Reporter: Javier Riveros 
>            Assignee: Kevin Harwell
>         Attachments: Logs_config_packets_captures.zip
>
>
> As soon as I give it a try to RTCP-MUX in webRTC-land I start getting those warnings.
> I take a look to srtp library and libsrtp error err_status_auth_fail (see crypto/include/err.h, enum err_status_t) for version 1.5.x . It usually means that a wrong key is used to decrypt or a packet is modified after encryption (so computed auth tag doesn't match the one from the packet)  normally an "authentication failure".
> So in asterisk looks like this warnning is being fire on 10 packets or 110 pkts
> in res_srtp.c.
> {code}
> if (res != err_status_ok && res != err_status_replay_fail ) {
>                 if ((srtp->warned >= 10) && !((srtp->warned - 10) % 100)) {
>                         ast_log(AST_LOG_WARNING, "SRTP unprotect failed with: %s %d\n", srtp_errstr(res), srtp->warned);
>                         srtp->warned = 11;
>                 } else {
>                         srtp->warned++;
>                 }
>                 errno = EAGAIN;
>                 return -1;
>         }
> {code}
> Call example.
> ASTERISK (tcp)-> (tcp) SIP-proxy (WS) -> (WS) WebRTC.
> {code}
> call start at : 2017-05-02T17:36:35Z
> - First log (warining)
>  
> [2017-05-02 17:37:06.005] WARNING[25712] res_srtp.c: SRTP unprotect failed with: authentication failure 10
> --second log (warining)
> [2017-05-02 17:41:17.601] WARNING[25712] res_srtp.c: SRTP unprotect failed with: authentication failure 110
> --call ends at
> ~2017-05-02T17:42:25Z
> {code}
> asterisk version: 13.15.0
> libsrtp : libsrtp0-dev (1.5.0)
> pjsip: (using pjsip bundle) v2.6
> openssl: 1.0.2g-1ubuntu4.6
> O.S : ubuntu 14.04.1
> Browser: chrome 56,57,58 (windows/linux/mac)
> I will attach the logs, config, packet captures.
> If more info is needed let me know.
> Thanks,



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list