[asterisk-bugs] [JIRA] (ASTERISK-30343) res_crypto: ast_sign_bin fails

Michael Newton (JIRA) noreply at issues.asterisk.org
Thu Dec 8 13:03:51 CST 2022 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-30343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=260850#comment-260850 ] 

Michael Newton commented on ASTERISK-30343:
-------------------------------------------

Understood, you have to draw the line somewhere. I would like to see support timelines kept in mind when committing potentially breaking changes like this to a branch that's soon to lose support. The rewrite was certainly needed for branches that are going forward, but 16 could have continued just fine with OpenSSL 3.0 and the deprecated functions.

I've tried to quickly reproduce in 18 but it doesn't even want to load my keys at all, for whatever reason. I will have time to dig into it in a few weeks if it's still needed. I'm not a C programmer, but I do know how to fumble my way around gdb, and can hopefully find where this patch broke things. We package our own RPMs so can backport it, even if it doesn't make its way into a release.


> res_crypto: ast_sign_bin fails
> ------------------------------
>
>                 Key: ASTERISK-30343
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30343
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_crypto
>    Affects Versions: 16.29.0, 18.15.1, 20.0.1
>         Environment: Alma Linux 9.1
>            Reporter: Michael Newton
>            Severity: Major
>
> After upgrade from 16.28 to 16.29 our dundi queries stopped working with this error output:
> {noformat}
> WARNING[100840]: res_crypto.c:384 ast_sign_bin: RSA Signature (key gateway) failed -1
> NOTICE[100840]: pbx_dundi.c:1366 update_key: Failed to sign key (-1)!
> NOTICE[100840]: pbx_dundi.c:3376 dundi_send: Failed to send packet to '00:50:56:ae:13:23'
> {noformat}
> This appears to be a regression resulting from changes in ASTERISK-30046.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list