[Asterisk-code-review] SRTP: Lower SDES key lifetime minimum to 2^20 (asterisk[13])

George Joseph asteriskteam at digium.com
Wed Jul 18 10:21:19 CDT 2018 

George Joseph has submitted this change and it was merged. ( https://gerrit.asterisk.org/9500 )

Change subject: SRTP: Lower SDES key lifetime minimum to 2^20
......................................................................

SRTP: Lower SDES key lifetime minimum to 2^20

SRTP SDES key lifetime support was added in ASTERISK_17899.

In that addition, the minimum key lifetime to be accepted was
set at the 10 hours @ 20ms/packet = 1800000 packets.

The firmware in the obi1xx ATA uses a hardcoded lifetime of
2^20 packets.

Lower the limit to 2^20 to support a wider field of clients.

ASTERISK-27967 #close

Change-Id: I81a0703c595a0c9101dfdf02300149a3cc39bf94
---
M main/sdp_srtp.c
1 file changed, 2 insertions(+), 2 deletions(-)

Approvals:
  Joshua Colp: Looks good to me, but someone else must approve
  George Joseph: Looks good to me, approved; Approved for Submit



diff --git a/main/sdp_srtp.c b/main/sdp_srtp.c
index 4116f20..2b83eee 100644
--- a/main/sdp_srtp.c
+++ b/main/sdp_srtp.c
@@ -322,8 +322,8 @@
 				sdes_lifetime = n_lifetime;
 			}
 
-			/* Accept anything above 10 hours. Less than 10; reject. */
-			if (sdes_lifetime < 1800000) {
+			/* Accept anything above ~5.8 hours. Less than ~5.8; reject. */
+			if (sdes_lifetime < 1048576) {
 				ast_log(LOG_NOTICE, "Rejecting crypto attribute '%s': lifetime '%f' too short\n", attr, sdes_lifetime);
 				continue;
 			}

-- 
To view, visit https://gerrit.asterisk.org/9500
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-MessageType: merged
Gerrit-Change-Id: I81a0703c595a0c9101dfdf02300149a3cc39bf94
Gerrit-Change-Number: 9500
Gerrit-PatchSet: 2
Gerrit-Owner: Nick French <naf at ou.edu>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Nick French <naf at ou.edu>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20180718/7765f1f9/attachment-0001.html>

More information about the asterisk-code-review mailing list