From: Dmitry Sobinov <sobinoff@gmail.com>
Date: Sat, 2 Jan 2016 11:32:36 +0000 (+1100)
Subject: Add new DTLS-SRTP protection profiles from RFC 7714
X-Git-Tag: OpenSSL_1_1_0-pre3~269
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43e5faa2539ae8aae6ef55be2239b9b1a77fea45;p=thirdparty%2Fopenssl.git

Add new DTLS-SRTP protection profiles from RFC 7714

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
---

diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h
index 1f5aed21ff..da9369ec2e 100644
--- a/include/openssl/srtp.h
+++ b/include/openssl/srtp.h
@@ -129,6 +129,10 @@ extern "C" {
 # define SRTP_NULL_SHA1_80      0x0005
 # define SRTP_NULL_SHA1_32      0x0006
 
+/* AEAD SRTP protection profiles from RFC 7714 */
+# define SRTP_AEAD_AES_128_GCM  0x0007
+# define SRTP_AEAD_AES_256_GCM  0x0008
+
 # ifndef OPENSSL_NO_SRTP
 
 __owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 587a592e82..f969fb10b1 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -128,6 +128,14 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
      "SRTP_AES128_CM_SHA1_32",
      SRTP_AES128_CM_SHA1_32,
      },
+    {
+     "SRTP_AEAD_AES_128_GCM",
+     SRTP_AEAD_AES_128_GCM
+     },
+    {
+     "SRTP_AEAD_AES_256_GCM",
+     SRTP_AEAD_AES_256_GCM
+     },
     {0}
 };