The patch for ASTERISK-19253 included properly shutting down the libsrtp
library in the case of module unload. Unfortunately, not all distributions
have the srtp_shutdown call. As such, this patch removes calling
srtp_shutdown.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@356650 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Currently, when using res_srtp, once the SRTP policy has been added to the
current session the policy is locked into place. Any attempt to replace an
existing policy, which would be needed if the remote endpoint negotiated a new
cryptographic key, is instead rejected in res_srtp. This happens in particular
in transfer scenarios, where the endpoint that Asterisk is communicating with
changes but uses the same RTP session.
This patch modifies res_srtp to allow remote and local policies to be reloaded
in the underlying SRTP library. From the perspective of users of the SRTP API,
the only change is that the adding of remote and local policies are now added
in a single method call, whereas they previously were added separately. This
was changed to account for the differences in handling remote and local
policies in libsrtp.
Review: https://reviewboard.asterisk.org/r/1741/
(closes issue ASTERISK-19253)
Reported by: Thomas Arimont
Tested by: Thomas Arimont
Patches:
srtp_renew_keys_2012_02_22.diff uploaded by Matt Jordan (license 6283)
(with some small modifications for this check-in)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@356604 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The function ast_srtp_protect used a common buffer for both SRTP and SRTCP
packets. Since this function can be called from multiple threads for the same
SRTP session (scheduler for SRTCP and channel for SRTP) it was possible for the
packets to become corrupted as the buffer was used by both threads
simultaneously.
This patch adds a separate buffer for SRTCP packets to avoid the problem.
(closes issue ASTERISK-18889, Reported/patch by Daniel Collins)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@347995 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The first 9 frames are not reported as some devices dont use srtp
from first frame these are suppresed.
the warning is then output only once every 100 frames.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@337541 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This patch adds information about the encryption setting to 'sip show
peers' and removes an out-of-date comment from res_srtp.c and instead
directs users to the proper documentation.
(closes issue #18140)
Reported by: chodorenko
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@292309 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This avoids unhappy crashing when we try to 'core stop gracefully' and res_srtp
tries to unload before chan_sip does. Thanks, Russell!
(closes issue #18085)
Reported by: st
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@292016 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Also make it more obvious when there is an issue en/decrypting.
(closes issue #17563)
Reported by: Alexcr
Patches:
res_srtp.c.patch uploaded by sfritsch (license 1089)
Tested by: twilson
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@287056 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Adding code to Asterisk that changed the SSRC during bridges and masquerades
broke SRTP functionality. Also broken was handling the situation where an
incoming INVITE had more than one crypto offer. This patch caches the SRTP
policies the we use so that we can change the ssrc and inform libsrtp of the
new streams. It also uses the first acceptable a=crypto line from the incoming
INVITE.
(closes issue #17563)
Reported by: Alexcr
Patches:
srtp.diff uploaded by twilson (license 396)
Tested by: twilson
Review: https://reviewboard.asterisk.org/r/878/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@284477 65c4cc65-6c06-0410-ace0-fbb531ad65f3
After 5 years in mantis and over a year on reviewboard, SRTP support is finally
being comitted. This includes generic CHANNEL dialplan functions that work for
getting the status of whether a call has secure media or signaling as defined
by the underlying channel technology and for setting whether or not a new
channel being bridged to a calling channel should have secure signaling or
media. See doc/tex/secure-calls.tex for examples.
Original patch by mikma, updated for trunk and revised by me.
(closes issue #5413)
Reported by: mikma
Tested by: twilson, notthematrix, hemanshurpatel
Review: https://reviewboard.asterisk.org/r/191/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@268894 65c4cc65-6c06-0410-ace0-fbb531ad65f3
