From: Nick French <naf@ou.edu>
Date: Tue, 17 Jul 2018 18:56:40 +0000 (-0500)
Subject: SRTP: Lower SDES key lifetime minimum to 2^20
X-Git-Tag: 13.23.0-rc1~72^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6a0847cfc6438fc7bed9494d358fdf75d44c9af7;p=thirdparty%2Fasterisk.git

SRTP: Lower SDES key lifetime minimum to 2^20

SRTP SDES key lifetime support was added in ASTERISK_17899.

In that addition, the minimum key lifetime to be accepted was
set at the 10 hours @ 20ms/packet = 1800000 packets.

The firmware in the obi1xx ATA uses a hardcoded lifetime of
2^20 packets.

Lower the limit to 2^20 to support a wider field of clients.

ASTERISK-27967 #close

Change-Id: I81a0703c595a0c9101dfdf02300149a3cc39bf94
---

diff --git a/main/sdp_srtp.c b/main/sdp_srtp.c
index 4116f20ccb..2b83eee3cf 100644
--- a/main/sdp_srtp.c
+++ b/main/sdp_srtp.c
@@ -322,8 +322,8 @@ int ast_sdp_crypto_process(struct ast_rtp_instance *rtp, struct ast_sdp_srtp *sr
 				sdes_lifetime = n_lifetime;
 			}
 
-			/* Accept anything above 10 hours. Less than 10; reject. */
-			if (sdes_lifetime < 1800000) {
+			/* Accept anything above ~5.8 hours. Less than ~5.8; reject. */
+			if (sdes_lifetime < 1048576) {
 				ast_log(LOG_NOTICE, "Rejecting crypto attribute '%s': lifetime '%f' too short\n", attr, sdes_lifetime);
 				continue;
 			}