res_srtp: Disable parsing of not enabled cryptos
When compiled without extended srtp crypto suites also disable parsing these from received SDP. This prevents using these, as some client implementations are not stable. ASTERISK-29625 Change-Id: I7dafb29be1cdaabdc984002573f4bea87520533a
This commit is contained in:
parent
689c703b2c
commit
c1a575907b
|
@ -275,7 +275,7 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
|
|||
crypto_policy_set_aes_cm_128_hmac_sha1_32(p);
|
||||
return 0;
|
||||
|
||||
#ifdef HAVE_SRTP_192
|
||||
#if defined(HAVE_SRTP_192) && defined(ENABLE_SRTP_AES_192)
|
||||
case AST_AES_CM_192_HMAC_SHA1_80:
|
||||
crypto_policy_set_aes_cm_192_hmac_sha1_80(p);
|
||||
return 0;
|
||||
|
@ -284,7 +284,7 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
|
|||
crypto_policy_set_aes_cm_192_hmac_sha1_32(p);
|
||||
return 0;
|
||||
#endif
|
||||
#ifdef HAVE_SRTP_256
|
||||
#if defined(HAVE_SRTP_256) && defined(ENABLE_SRTP_AES_256)
|
||||
case AST_AES_CM_256_HMAC_SHA1_80:
|
||||
crypto_policy_set_aes_cm_256_hmac_sha1_80(p);
|
||||
return 0;
|
||||
|
@ -293,18 +293,19 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
|
|||
crypto_policy_set_aes_cm_256_hmac_sha1_32(p);
|
||||
return 0;
|
||||
#endif
|
||||
#ifdef HAVE_SRTP_GCM
|
||||
#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM)
|
||||
case AST_AES_GCM_128:
|
||||
crypto_policy_set_aes_gcm_128_16_auth(p);
|
||||
return 0;
|
||||
|
||||
case AST_AES_GCM_256:
|
||||
crypto_policy_set_aes_gcm_256_16_auth(p);
|
||||
return 0;
|
||||
|
||||
case AST_AES_GCM_128_8:
|
||||
crypto_policy_set_aes_gcm_128_8_auth(p);
|
||||
return 0;
|
||||
#endif
|
||||
#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) && defined(ENABLE_SRTP_AES_256)
|
||||
case AST_AES_GCM_256:
|
||||
crypto_policy_set_aes_gcm_256_16_auth(p);
|
||||
return 0;
|
||||
|
||||
case AST_AES_GCM_256_8:
|
||||
crypto_policy_set_aes_gcm_256_8_auth(p);
|
||||
|
@ -880,7 +881,7 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s
|
|||
suite_val = AST_AES_CM_128_HMAC_SHA1_32;
|
||||
ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_32);
|
||||
key_len_expected = 30;
|
||||
#ifdef HAVE_SRTP_192
|
||||
#if defined(HAVE_SRTP_192) && defined(ENABLE_SRTP_AES_192)
|
||||
} else if (!strcmp(suite, "AES_192_CM_HMAC_SHA1_80")) {
|
||||
suite_val = AST_AES_CM_192_HMAC_SHA1_80;
|
||||
ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_80);
|
||||
|
@ -905,7 +906,7 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s
|
|||
ast_set_flag(srtp, AST_SRTP_CRYPTO_OLD_NAME);
|
||||
key_len_expected = 38;
|
||||
#endif
|
||||
#ifdef HAVE_SRTP_256
|
||||
#if defined(HAVE_SRTP_256) && defined(ENABLE_SRTP_AES_256)
|
||||
} else if (!strcmp(suite, "AES_256_CM_HMAC_SHA1_80")) {
|
||||
suite_val = AST_AES_CM_256_HMAC_SHA1_80;
|
||||
ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_80);
|
||||
|
@ -930,21 +931,24 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s
|
|||
ast_set_flag(srtp, AST_SRTP_CRYPTO_OLD_NAME);
|
||||
key_len_expected = 46;
|
||||
#endif
|
||||
#ifdef HAVE_SRTP_GCM
|
||||
#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM)
|
||||
} else if (!strcmp(suite, "AEAD_AES_128_GCM")) {
|
||||
suite_val = AST_AES_GCM_128;
|
||||
ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_16);
|
||||
key_len_expected = AES_128_GCM_KEYSIZE_WSALT;
|
||||
/* RFC contained a (too) short auth tag for RTP media, some still use that */
|
||||
} else if (!strcmp(suite, "AEAD_AES_128_GCM_8")) {
|
||||
suite_val = AST_AES_GCM_128_8;
|
||||
ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);
|
||||
key_len_expected = AES_128_GCM_KEYSIZE_WSALT;
|
||||
#endif
|
||||
#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) && defined(ENABLE_SRTP_AES_256)
|
||||
} else if (!strcmp(suite, "AEAD_AES_256_GCM")) {
|
||||
suite_val = AST_AES_GCM_256;
|
||||
ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_16);
|
||||
ast_set_flag(srtp, AST_SRTP_CRYPTO_AES_256);
|
||||
key_len_expected = AES_256_GCM_KEYSIZE_WSALT;
|
||||
/* RFC contained a (too) short auth tag for RTP media, some still use that */
|
||||
} else if (!strcmp(suite, "AEAD_AES_128_GCM_8")) {
|
||||
suite_val = AST_AES_GCM_128_8;
|
||||
ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);
|
||||
key_len_expected = AES_128_GCM_KEYSIZE_WSALT;
|
||||
} else if (!strcmp(suite, "AEAD_AES_256_GCM_8")) {
|
||||
suite_val = AST_AES_GCM_256_8;
|
||||
ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);
|
||||
|
|
Loading…
Reference in New Issue