SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP
protection profiles - seen with an update of telephony/baresip I'm
working on.
adapted from openssl commit
43e5faa2539ae8aae6ef55be2239b9b1a77fea45
ok tb@ jsing@
-/* $OpenBSD: d1_srtp.c,v 1.28 2021/05/16 13:56:30 jsing Exp $ */
+/* $OpenBSD: d1_srtp.c,v 1.29 2021/06/11 15:28:13 landry Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
"SRTP_AES128_CM_SHA1_32",
SRTP_AES128_CM_SHA1_32,
},
+ {
+ "SRTP_AEAD_AES_128_GCM",
+ SRTP_AEAD_AES_128_GCM,
+ },
+ {
+ "SRTP_AEAD_AES_256_GCM",
+ SRTP_AEAD_AES_256_GCM,
+ },
{0}
};
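Review bot: the two entries added before the `{0}` terminator make the GCM profiles selectable by name, but nothing in the visible change exercises them. A regress case that passes "SRTP_AEAD_AES_128_GCM:SRTP_AEAD_AES_256_GCM" to SSL_CTX_set_tlsext_use_srtp() and checks that the call succeeds and that the negotiated profile id comes back as 0x0007 or 0x0008 would catch a name/id mismatch in this table. It is also worth confirming that no other code in d1_srtp.c assumes the AES_CM key and salt sizes for every listed profile, since RFC 7714 gives the GCM profiles a 96-bit salt rather than the 112-bit salt of the RFC 5764 AES_CM profiles.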
-.\" $OpenBSD: SSL_CTX_set_tlsext_use_srtp.3,v 1.4 2019/06/12 09:36:30 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_set_tlsext_use_srtp.3,v 1.5 2021/06/11 15:28:14 landry Exp $
.\" full merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
.\"
.\" This file was written by Matt Caswell <matt@openssl.org>.
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 12 2019 $
+.Dd $Mdocdate: June 11 2021 $
.Dt SSL_CTX_SET_TLSEXT_USE_SRTP 3
.Os
.Sh NAME
This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764.
.It Dv SRTP_AES128_CM_SHA1_32
This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764.
+.It Dv SRTP_AEAD_AES_128_GCM
+This corresponds to SRTP_AEAD_AES_128_GCM defined in RFC7714.
+.It Dv SRTP_AEAD_AES_256_GCM
+This corresponds to SRTP_AEAD_AES_256_GCM defined in RFC7714.
.El
.Pp
Supplying an unrecognised protection profile name results in an error.
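Review bot: the two new `.It Dv` entries only name the RFC, which leaves out the one thing a caller has to change. The RFC 7714 profiles use a 96-bit master salt, and SRTP_AEAD_AES_256_GCM a 256-bit master key, so an application that sizes its SRTP keying material for the RFC5764 AES_CM profiles will split it incorrectly when one of these is negotiated. Suggest a sentence after the list saying that key and salt lengths depend on the selected profile and pointing at RFC 7714 for the GCM values.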
-/* $OpenBSD: srtp.h,v 1.6 2015/09/01 15:18:23 jsing Exp $ */
+/* $OpenBSD: srtp.h,v 1.7 2021/06/11 15:28:13 landry Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#define SRTP_NULL_SHA1_80 0x0005
#define SRTP_NULL_SHA1_32 0x0006
+/* AEAD SRTP protection profiles from RFC 7714 */
+#define SRTP_AEAD_AES_128_GCM 0x0007
+#define SRTP_AEAD_AES_256_GCM 0x0008
+
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);