[asterisk-bugs] [JIRA] (ASTERISK-29625) srtp cryptos accepted if not enabled

Alexander Traud (JIRA) noreply at issues.asterisk.org
Mon Sep 13 04:27:34 CDT 2021


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=256273#comment-256273 ] 

Alexander Traud commented on ASTERISK-29625:
--------------------------------------------

Not sure why the Asterisk Team did not
* specify ASTERISK-26190 as the causing/related issue in Jira and
* invite the author of that code, me, to the code review in Gerrit.

I cannot monitor Jira and Gerrit for code changes related to me all day long. Besides that, the previous behavior was on purpose, AES-256 and AES-GCM were enabled by default, because there are VoIP/SIP clients which can be configured to offer no AES-128. Consequently, this change here removes compatibility while it adds compatibility (by simply turning off a feature which should work automatically). At least, this change here should be mentioned in the CHANGES document. Anyway, back to the originating issue:

[~jasper.hafkenscheid] can you give more detail (or are those originating issues documented somewhere?) with which device model, firmware version, and in which call scenario you face those errors? I believe you. However, I tested AVM FRITZ!Box and Grandstream quite extensively and did not face those yet. If those platforms face software bugs, those have to be investigated and reported to their companies as well. I would love to report those software bugs on my behalf and take over from here, but first I have to reproduce/understand them myself.

> srtp cryptos accepted if not enabled
> ------------------------------------
>
>                 Key: ASTERISK-29625
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29625
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_srtp
>    Affects Versions: 18.6.0
>         Environment: Debian Buster with the default libsrtp 2.2.0.
>            Reporter: Jasper Hafkenscheid
>            Assignee: Jasper Hafkenscheid
>
> When compiled with {{HAVE_SRTP_256}} enabled (by configure), and without {{ENABLE_SRTP_AES_256}}, received crypto lines are still parsed and used.
> We experienced several devices that did not work happily with 256-bit encryption, such as certain Fritz!box, Grandstream and Tiptel, either having no audio or having it disrupted after a couple of minutes.
> The fix we applied is to verify that {{ENABLE_SRTP_AES_256}} as well as {{HAVE_SRTP_256}} are defined when parsing the SDP in {{res_sdp_crypto_parse_offer}}.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
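
The gating described in the quoted issue, as an added example that is not Asterisk's code and not part of the original message: an offered AES-256 suite is accepted only when the library supports it and the build opted in, otherwise selection falls through to the next `a=crypto` line. The struct, function names and sample offer are assumptions; the two flags model `HAVE_SRTP_256` and `ENABLE_SRTP_AES_256` at run time so both configurations can be exercised.

```c
#include <stdio.h>
#include <string.h>

/* Runtime stand-ins for the compile-time macros named in the issue (assumption). */
struct srtp_policy {
    int have_srtp_256;       /* models HAVE_SRTP_256: libsrtp supports AES-256 */
    int enable_srtp_aes_256; /* models ENABLE_SRTP_AES_256: build opted in */
};

/* Constructed sample offer; the inline values are placeholders, not real keys. */
static const char SAMPLE_OFFER[] =
    "m=audio 49170 RTP/SAVP 0\r\n"
    "a=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:PLACEHOLDER256\r\n"
    "a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER128\r\n";

/* Return 1 if the offered suite may be accepted under the local policy. */
static int suite_allowed(const char *suite, const struct srtp_policy *p)
{
    if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80") ||
        !strcmp(suite, "AES_CM_128_HMAC_SHA1_32"))
        return 1;
    if (!strcmp(suite, "AES_256_CM_HMAC_SHA1_80") ||
        !strcmp(suite, "AES_256_CM_HMAC_SHA1_32"))
        return p->have_srtp_256 && p->enable_srtp_aes_256; /* both, not either */
    return 0; /* suites outside this sketch's list are rejected */
}

/* Walk the SDP body and return the tag of the first a=crypto line whose
 * suite is allowed, copying the suite name to out; -1 if none qualifies. */
static int select_crypto(const char *sdp, const struct srtp_policy *p,
                         char *out, size_t outlen)
{
    const char *line = sdp;
    while (line && *line) {
        int tag;
        char suite[64];
        if (sscanf(line, "a=crypto:%d %63s", &tag, suite) == 2 &&
            suite_allowed(suite, p)) {
            snprintf(out, outlen, "%s", suite);
            return tag;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}
```
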


