[asterisk-security] [asterisk-dev] [Code Review] Fix SRTP for changing SSRC and multiple a=crypto SDP lines
Russell Bryant
russell at digium.com
Wed Sep 1 13:38:30 CDT 2010
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/878/#review2651
-----------------------------------------------------------
Ship it!
- Russell
On 2010-08-26 01:29:16, Terry Wilson wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/878/
> -----------------------------------------------------------
>
> (Updated 2010-08-26 01:29:16)
>
>
> Review request for Asterisk Developers.
>
>
> Summary
> -------
>
> Adding code to Asterisk that changed the SSRC during bridges and masquerades broke SRTP functionality. Also broken was handling the situation where an incoming INVITE had more than one crypto offer. This patch caches the SRTP policies that we use so that we can change the ssrc and inform libsrtp of the new streams. It also uses the first acceptable a=crypto line from the incoming INVITE.
>
>
> This addresses bug 17563.
> https://issues.asterisk.org/view.php?id=17563
>
>
> Diffs
> -----
>
> /branches/1.8/channels/chan_sip.c 283320
> /branches/1.8/include/asterisk/res_srtp.h 283320
> /branches/1.8/main/rtp_engine.c 283320
> /branches/1.8/res/res_rtp_asterisk.c 283320
> /branches/1.8/res/res_srtp.c 283320
>
> Diff: https://reviewboard.asterisk.org/r/878/diff
>
>
> Testing
> -------
>
> I tested by 1) Setting up Polycom phones to send two a=crypto lines 2) Changing SIP hold/unhold to call the rtp change_source callback to verify that changing source worked 3) Doing transfers that would cause a masquerade and therefore a source change 4) astobj2 show stats to verify that there were no object leaks with the above tests.
>
>
> Thanks,
>
> Terry
>
>
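Added example, not part of the original message or of the Asterisk patch: a minimal C sketch of choosing the first acceptable `a=crypto` line (RFC 4568 syntax) from an offer that carries several. The names `select_crypto`, `parse_crypto` and `struct crypto_offer`, the accepted-suite list and the SDP sample are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define B64 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
/* Suites accepted here (assumption, not read from the patch). */
static const char *const accepted[] = { "AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32" };
struct crypto_offer { int tag; char suite[32]; char key_b64[64]; };

/* Constructed SDP lines: tag 1 offers a suite that is not accepted here. */
static const char sample_sdp[] =
    "a=crypto:1 F8_128_HMAC_SHA1_80 inline:QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNk\r\n"
    "a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNk|2^31\r\n"
    "a=crypto:3 AES_CM_128_HMAC_SHA1_32 inline:QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNk\r\n";

/* Parse "a=crypto:<tag> <suite> inline:<key||salt>[|...]"; 30 key bytes = 40 base64 chars. */
static int parse_crypto(const char *line, struct crypto_offer *out)
{
    struct crypto_offer o;
    int i, ok = 0;
    if (sscanf(line, "a=crypto:%9d %31s inline:%63[^| ]", &o.tag, o.suite, o.key_b64) != 3 || o.tag < 1)
        return 0;
    for (i = 0; i < (int)(sizeof(accepted) / sizeof(*accepted)); i++)
        ok |= !strcmp(o.suite, accepted[i]);
    if (!ok || strlen(o.key_b64) != 40 || strspn(o.key_b64, B64) != 40)
        return 0;
    *out = o;   /* only touch the caller's struct on success */
    return 1;
}

/* Return the tag of the first acceptable a=crypto line, or -1 if none. */
int select_crypto(const char *sdp, struct crypto_offer *out)
{
    char line[256];
    while (*sdp) {
        size_t n = strcspn(sdp, "\r\n");          /* length of this SDP line */
        if (n < sizeof(line) && !strncmp(sdp, "a=crypto:", 9)) {
            snprintf(line, sizeof(line), "%.*s", (int)n, sdp);
            if (parse_crypto(line, out))
                return out->tag;                  /* stop at the first match */
        }
        sdp += n + strspn(sdp + n, "\r\n");       /* skip to the next line */
    }
    return -1;
}

int main(void)
{
    struct crypto_offer o;
    return printf("selected tag %d\n", select_crypto(sample_sdp, &o)) < 0;
}
```

The answer must echo the selected tag, so the function returns it alongside the parsed suite and key material.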