From d10f98510e816f59ba90467479444955e0a550c6 Mon Sep 17 00:00:00 2001
From: landry
Date: Fri, 11 Jun 2021 15:28:13 +0000
Subject: [PATCH] add AES-GCM constants from RFC 7714 for SRTP SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP protection profiles - seen with an update of telephony/baresip i'm working on. adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45 ok tb@ jsing@
---
 lib/libssl/d1_srtp.c | 10 +++++++++-
 lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 | 8 ++++++--
 lib/libssl/srtp.h | 6 +++++-
 3 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/lib/libssl/d1_srtp.c b/lib/libssl/d1_srtp.c
index cbdb4a6144c..70f9453f5f8 100644
--- a/lib/libssl/d1_srtp.c
+++ b/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srtp.c,v 1.28 2021/05/16 13:56:30 jsing Exp $ */
+/* $OpenBSD: d1_srtp.c,v 1.29 2021/06/11 15:28:13 landry Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -136,6 +136,14 @@ static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
 "SRTP_AES128_CM_SHA1_32",
 SRTP_AES128_CM_SHA1_32,
 },
+ {
+ "SRTP_AEAD_AES_128_GCM",
+ SRTP_AEAD_AES_128_GCM,
+ },
+ {
+ "SRTP_AEAD_AES_256_GCM",
+ SRTP_AEAD_AES_256_GCM,
+ },
 {0}
 };
diff --git a/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 b/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3
index c194a59d4b9..f936f01d7bb 100644
--- a/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3
+++ b/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_set_tlsext_use_srtp.3,v 1.4 2019/06/12 09:36:30 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_set_tlsext_use_srtp.3,v 1.5 2021/06/11 15:28:14 landry Exp $
 .\" full merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
 .\"
 .\" This file was written by Matt Caswell .
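Review bot: The two entries added to `srtp_known_profiles` in the `@@ -136,6 +136,14 @@` hunk of d1_srtp.c arrive without any test: the diffstat lists only d1_srtp.c, the manual page and srtp.h, so nothing in this patch exercises lookup of the new names or selection of IDs 0x0007/0x0008. A small regress case that checks `SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM:SRTP_AEAD_AES_256_GCM")` returns 0, and that a misspelled GCM name is still rejected, would pin the behaviour. The array's declaration starts outside this hunk, so I cannot see whether other code enumerates profile IDs separately from this table; if it does, it needs the same two IDs.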
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 12 2019 $
+.Dd $Mdocdate: June 11 2021 $
 .Dt SSL_CTX_SET_TLSEXT_USE_SRTP 3
 .Os
 .Sh NAME
@@ -113,6 +113,10 @@ The currently supported protection profile names are:
 This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764.
 .It Dv SRTP_AES128_CM_SHA1_32
 This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764.
+.It Dv SRTP_AEAD_AES_128_GCM
+This corresponds to SRTP_AEAD_AES_128_GCM defined in RFC7714.
+.It Dv SRTP_AEAD_AES_256_GCM
+This corresponds to SRTP_AEAD_AES_256_GCM defined in RFC7714.
 .El
 .Pp
 Supplying an unrecognised protection profile name results in an error.
diff --git a/lib/libssl/srtp.h b/lib/libssl/srtp.h
index 6daa02a791c..89ce8620208 100644
--- a/lib/libssl/srtp.h
+++ b/lib/libssl/srtp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: srtp.h,v 1.6 2015/09/01 15:18:23 jsing Exp $ */
+/* $OpenBSD: srtp.h,v 1.7 2021/06/11 15:28:13 landry Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -129,6 +129,10 @@ extern "C" {
 #define SRTP_NULL_SHA1_80 0x0005
 #define SRTP_NULL_SHA1_32 0x0006
+/* AEAD SRTP protection profiles from RFC 7714 */
+#define SRTP_AEAD_AES_128_GCM 0x0007
+#define SRTP_AEAD_AES_256_GCM 0x0008
+
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
 int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
--
2.20.1
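Review bot: The comment above the new defines in the `@@ -129,6 +129,10 @@` hunk of srtp.h names RFC 7714 but omits what a caller deriving SRTP keys most needs: these profiles use a 12-byte master salt rather than the 14-byte salt of the RFC 5764 profiles, and the 256-bit profile uses a 32-byte key. Code that sizes and splits its `SSL_export_keying_material()` output for the older profiles would mis-derive keys once a GCM profile is negotiated. I would extend the comment to `/* AEAD SRTP protection profiles from RFC 7714, section 14.2: 12-byte master salt, 16- or 32-byte master key */`. The values 0x0007 and 0x0008 match the RFC's registrations; the `extern "C"` block continues outside the hunk.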