diff options
author | Kinsey Moore <kmoore@digium.com> | 2013-07-23 13:52:06 +0000 |
---|---|---|
committer | Kinsey Moore <kmoore@digium.com> | 2013-07-23 13:52:06 +0000 |
commit | 98504fec8ee8fde7eb2a6378046f3d35bfba961a (patch) | |
tree | ef7c9014248d864c5c1e2787b632c420d81efdee /channels/chan_sip.c | |
parent | f6a227a45111d5d0e021de64799f62da6d8ae7ac (diff) |
Add DTLS-SRTP support to chan_pjsip
This patch introduces DTLS-SRTP support to chan_pjsip and the options
necessary to configure it including an option to allow choosing between
32 and 80 byte SRTP tag lengths.
During the implementation and testing of this patch, three other bugs
were found and their fixes are included with this patch. The two in
chan_sip were a segfault relating to DTLS setup and mistaken call
rejection. The third bug fix prevents chan_pjsip from attempting to
perform bridge optimization between two endpoints if either of them is
running any form of SRTP.
Review: https://reviewboard.asterisk.org/r/2683/
(closes issue ASTERISK-21419)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@395121 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'channels/chan_sip.c')
-rw-r--r-- | channels/chan_sip.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 62afeb061..ca4b25b7b 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -10193,6 +10193,7 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req, int t38action } else if (!strcmp(protocol, "UDP/TLS/RTP/SAVP") || !strcmp(protocol, "UDP/TLS/RTP/SAVPF")) { secure_audio = 1; + processed_crypto = 1; if (p->srtp) { ast_set_flag(p->srtp, AST_SRTP_CRYPTO_OFFER_OK); } @@ -10275,6 +10276,7 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req, int t38action } else if (!strcmp(protocol, "UDP/TLS/RTP/SAVP") || !strcmp(protocol, "UDP/TLS/RTP/SAVPF")) { secure_video = 1; + processed_crypto = 1; if (p->vsrtp || (p->vsrtp = ast_sdp_srtp_alloc())) { ast_set_flag(p->vsrtp, AST_SRTP_CRYPTO_OFFER_OK); } @@ -13036,13 +13038,17 @@ static void get_our_media_address(struct sip_pvt *p, int needvideo, int needtext static char *crypto_get_attrib(struct ast_sdp_srtp *srtp, int dtls_enabled, int default_taglen_32) { char *a_crypto; - char *orig_crypto; + const char *orig_crypto; - if (!srtp) { + if (!srtp || dtls_enabled) { + return NULL; + } + + orig_crypto = ast_sdp_srtp_get_attrib(srtp, dtls_enabled, default_taglen_32); + if (ast_strlen_zero(orig_crypto)) { return NULL; } - orig_crypto = ast_strdupa(ast_sdp_srtp_get_attrib(srtp, dtls_enabled, default_taglen_32)); if (ast_asprintf(&a_crypto, "a=crypto:%s\r\n", orig_crypto) == -1) { return NULL; } |