[Bug 350732] [NEW] IAX2 encryption: calls end abrutly due to normal packet loss
Jon Charge
scream at nonvocalscream.com
Sun Mar 29 06:24:52 BST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
François Marier wrote:
> Public bug reported:
>
> Binary package hint: asterisk
>
> As described upstream, IAX2 encryption is broken in the Jaunty
> version of asterisk:
>
> If an iax channel is encrypted, and a retransmit frame is sent,
> that packet's iseqno is updated while it is encrypted. This causes
> the entire frame to be corrupted. When the corrupted frame is sent,
> the other side decrypts it and sends a VNAK back because the
> decrypted frame doesn't make any sense. When we get the VNAK, we
> look through the sent queue and send the same corrupted frame
> causing a loop. To fix this, encrypted frames requiring
> retransmission are decrypted, updated, then re-encrypted. Since
> key-rotation may change the key held by the pvt struct, the keys
> used for encryption/decryption are held within the iax_frame to
> guarantee they remain correct.
>
> This makes it practically impossible to turn IAX2 encryption in
> most of my calls because the connection constantly cuts off. So
> it's a very serious bug for anybody using encryption with Asterisk.
>
>
> I have attached a debdiff which applies the upstream patch on the
> current Jaunty version.
>
> ** Affects: asterisk Importance: Unknown Status: Unknown
>
> ** Affects: asterisk (Ubuntu) Importance: Undecided Status: New
>
> ** Affects: asterisk (Debian) Importance: Unknown Status: Unknown
>
status confirmed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAknPBhwACgkQR7/9CWL6/5jazQCfcAi/wy6auKz31BlOAyWvOgCE
OxIAoKh/FYyFIyXNilS9RwnHPnz1Mbin
=TCCN
-----END PGP SIGNATURE-----
--
IAX2 encryption: calls end abrutly due to normal packet loss
https://bugs.launchpad.net/bugs/350732
You received this bug notification because you are a member of Ubuntu
Sponsors for universe, which is a direct subscriber.
More information about the Ubuntu-universe-sponsors
mailing list