[Asterisk-code-review] srtp: lower sdes key lifetime minimum to 2^20 (asterisk[15])
Nick French
asteriskteam at digium.com
Tue Jul 17 14:13:16 CDT 2018
Nick French has uploaded this change for review. ( https://gerrit.asterisk.org/9501
Change subject: srtp: lower sdes key lifetime minimum to 2^20
......................................................................
srtp: lower sdes key lifetime minimum to 2^20
SRTP SDES key lifetime support was added in ASTERISK-17899.
In that addition, the minimum key lifetime to be accepted was
set at the 10 hours @ 20ms/packet = 1800000 packets.
The firmware in the obi1xx ATA uses a hardcoded lifetime
of 2^20 packets.
Lower the limit to 2^20 to support a wider field of clients.
ASTERISK-27967 #close
Change-Id: Ifa6fe72dd12ddc5a66504f489daa1c7328e989bb
---
M res/res_srtp.c
1 file changed, 2 insertions(+), 2 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/01/9501/1
diff --git a/res/res_srtp.c b/res/res_srtp.c
index b92019c..7552a7a 100644
--- a/res/res_srtp.c
+++ b/res/res_srtp.c
@@ -980,8 +980,8 @@
sdes_lifetime = n_lifetime;
}
- /* Accept anything above 10 hours. Less than 10; reject. */
- if (sdes_lifetime < 1800000) {
+ /* Accept anything above ~5.8 hours. Less than ~5.8; reject. */
+ if (sdes_lifetime < 1048576) {
ast_log(LOG_NOTICE, "Rejecting crypto attribute '%s': lifetime '%f' too short\n", attr, sdes_lifetime);
continue;
}
--
To view, visit https://gerrit.asterisk.org/9501
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: 15
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifa6fe72dd12ddc5a66504f489daa1c7328e989bb
Gerrit-Change-Number: 9501
Gerrit-PatchSet: 1
Gerrit-Owner: Nick French <naf at ou.edu>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20180717/e7c35403/attachment.html>
More information about the asterisk-code-review
mailing list