diff --git a/res/res_srtp.c b/res/res_srtp.c index 3519def7ed..cdd95af3a3 100644 --- a/res/res_srtp.c +++ b/res/res_srtp.c @@ -275,7 +275,7 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite) crypto_policy_set_aes_cm_128_hmac_sha1_32(p); return 0; -#ifdef HAVE_SRTP_192 +#if defined(HAVE_SRTP_192) && defined(ENABLE_SRTP_AES_192) case AST_AES_CM_192_HMAC_SHA1_80: crypto_policy_set_aes_cm_192_hmac_sha1_80(p); return 0; @@ -284,7 +284,7 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite) crypto_policy_set_aes_cm_192_hmac_sha1_32(p); return 0; #endif -#ifdef HAVE_SRTP_256 +#if defined(HAVE_SRTP_256) && defined(ENABLE_SRTP_AES_256) case AST_AES_CM_256_HMAC_SHA1_80: crypto_policy_set_aes_cm_256_hmac_sha1_80(p); return 0; @@ -293,18 +293,19 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite) crypto_policy_set_aes_cm_256_hmac_sha1_32(p); return 0; #endif -#ifdef HAVE_SRTP_GCM +#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) case AST_AES_GCM_128: crypto_policy_set_aes_gcm_128_16_auth(p); return 0; - case AST_AES_GCM_256: - crypto_policy_set_aes_gcm_256_16_auth(p); - return 0; - case AST_AES_GCM_128_8: crypto_policy_set_aes_gcm_128_8_auth(p); return 0; +#endif +#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) && defined(ENABLE_SRTP_AES_256) + case AST_AES_GCM_256: + crypto_policy_set_aes_gcm_256_16_auth(p); + return 0; case AST_AES_GCM_256_8: crypto_policy_set_aes_gcm_256_8_auth(p); @@ -880,7 +881,7 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s suite_val = AST_AES_CM_128_HMAC_SHA1_32; ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_32); key_len_expected = 30; -#ifdef HAVE_SRTP_192 +#if defined(HAVE_SRTP_192) && defined(ENABLE_SRTP_AES_192) } else if (!strcmp(suite, "AES_192_CM_HMAC_SHA1_80")) { suite_val = AST_AES_CM_192_HMAC_SHA1_80; ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_80); @@ -905,7 +906,7 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s ast_set_flag(srtp, AST_SRTP_CRYPTO_OLD_NAME); key_len_expected = 38; #endif -#ifdef HAVE_SRTP_256 +#if defined(HAVE_SRTP_256) && defined(ENABLE_SRTP_AES_256) } else if (!strcmp(suite, "AES_256_CM_HMAC_SHA1_80")) { suite_val = AST_AES_CM_256_HMAC_SHA1_80; ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_80); @@ -930,21 +931,24 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s ast_set_flag(srtp, AST_SRTP_CRYPTO_OLD_NAME); key_len_expected = 46; #endif -#ifdef HAVE_SRTP_GCM +#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) } else if (!strcmp(suite, "AEAD_AES_128_GCM")) { suite_val = AST_AES_GCM_128; ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_16); key_len_expected = AES_128_GCM_KEYSIZE_WSALT; + /* RFC contained a (too) short auth tag for RTP media, some still use that */ + } else if (!strcmp(suite, "AEAD_AES_128_GCM_8")) { + suite_val = AST_AES_GCM_128_8; + ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8); + key_len_expected = AES_128_GCM_KEYSIZE_WSALT; +#endif +#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) && defined(ENABLE_SRTP_AES_256) } else if (!strcmp(suite, "AEAD_AES_256_GCM")) { suite_val = AST_AES_GCM_256; ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_16); ast_set_flag(srtp, AST_SRTP_CRYPTO_AES_256); key_len_expected = AES_256_GCM_KEYSIZE_WSALT; /* RFC contained a (too) short auth tag for RTP media, some still use that */ - } else if (!strcmp(suite, "AEAD_AES_128_GCM_8")) { - suite_val = AST_AES_GCM_128_8; - ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8); - key_len_expected = AES_128_GCM_KEYSIZE_WSALT; } else if (!strcmp(suite, "AEAD_AES_256_GCM_8")) { suite_val = AST_AES_GCM_256_8; ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);