res_srtp: Disable parsing of not enabled cryptos

author Jasper Hafkenscheid <jasper.hafkenscheid@wearespindle.com>

Fri, 3 Sep 2021 05:30:59 +0000 (07:30 +0200)

committer Kevin Harwell <kharwell@digium.com>

Wed, 8 Sep 2021 23:28:59 +0000 (18:28 -0500)
author Jasper Hafkenscheid <jasper.hafkenscheid@wearespindle.com>
Fri, 3 Sep 2021 05:30:59 +0000 (07:30 +0200)
committer Kevin Harwell <kharwell@digium.com>
Wed, 8 Sep 2021 23:28:59 +0000 (18:28 -0500)
diff --git a/res/res_srtp.c b/res/res_srtp.c

index 3519def7ed267a073536e1ae00a6e98e1fdbaf8e..cdd95af3a3f3445539c160bffed76d8ed7702bb9 100644 (file)
--- a/res/res_srtp.c
+++ b/res/res_srtp.c
@@ -275,7 +275,7 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
                 crypto_policy_set_aes_cm_128_hmac_sha1_32(p);
                 return 0;
  
-#ifdef HAVE_SRTP_192
+#if defined(HAVE_SRTP_192) && defined(ENABLE_SRTP_AES_192)
         case AST_AES_CM_192_HMAC_SHA1_80:
                 crypto_policy_set_aes_cm_192_hmac_sha1_80(p);
                 return 0;
@@ -284,7 +284,7 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
                 crypto_policy_set_aes_cm_192_hmac_sha1_32(p);
                 return 0;
  #endif
-#ifdef HAVE_SRTP_256
+#if defined(HAVE_SRTP_256) && defined(ENABLE_SRTP_AES_256)
         case AST_AES_CM_256_HMAC_SHA1_80:
                 crypto_policy_set_aes_cm_256_hmac_sha1_80(p);
                 return 0;
@@ -293,18 +293,19 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
                 crypto_policy_set_aes_cm_256_hmac_sha1_32(p);
                 return 0;
  #endif
-#ifdef HAVE_SRTP_GCM
+#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM)
         case AST_AES_GCM_128:
                 crypto_policy_set_aes_gcm_128_16_auth(p);
                 return 0;
  
-       case AST_AES_GCM_256:
-               crypto_policy_set_aes_gcm_256_16_auth(p);
-               return 0;
-
         case AST_AES_GCM_128_8:
                 crypto_policy_set_aes_gcm_128_8_auth(p);
                 return 0;
+#endif
+#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) && defined(ENABLE_SRTP_AES_256)
+       case AST_AES_GCM_256:
+               crypto_policy_set_aes_gcm_256_16_auth(p);
+               return 0;
  
         case AST_AES_GCM_256_8:
                 crypto_policy_set_aes_gcm_256_8_auth(p);
@@ -880,7 +881,7 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s
                 suite_val = AST_AES_CM_128_HMAC_SHA1_32;
                 ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_32);
                 key_len_expected = 30;
-#ifdef HAVE_SRTP_192
+#if defined(HAVE_SRTP_192) && defined(ENABLE_SRTP_AES_192)
         } else if (!strcmp(suite, "AES_192_CM_HMAC_SHA1_80")) {
                 suite_val = AST_AES_CM_192_HMAC_SHA1_80;
                 ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_80);
@@ -905,7 +906,7 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s
                 ast_set_flag(srtp, AST_SRTP_CRYPTO_OLD_NAME);
                 key_len_expected = 38;
  #endif
-#ifdef HAVE_SRTP_256
+#if defined(HAVE_SRTP_256) && defined(ENABLE_SRTP_AES_256)
         } else if (!strcmp(suite, "AES_256_CM_HMAC_SHA1_80")) {
                 suite_val = AST_AES_CM_256_HMAC_SHA1_80;
                 ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_80);
@@ -930,21 +931,24 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s
                 ast_set_flag(srtp, AST_SRTP_CRYPTO_OLD_NAME);
                 key_len_expected = 46;
  #endif
-#ifdef HAVE_SRTP_GCM
+#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM)
         } else if (!strcmp(suite, "AEAD_AES_128_GCM")) {
                 suite_val = AST_AES_GCM_128;
                 ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_16);
                 key_len_expected = AES_128_GCM_KEYSIZE_WSALT;
+       /* RFC contained a (too) short auth tag for RTP media, some still use that */
+       } else if (!strcmp(suite, "AEAD_AES_128_GCM_8")) {
+               suite_val = AST_AES_GCM_128_8;
+               ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);
+               key_len_expected = AES_128_GCM_KEYSIZE_WSALT;
+#endif
+#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) && defined(ENABLE_SRTP_AES_256)
         } else if (!strcmp(suite, "AEAD_AES_256_GCM")) {
                 suite_val = AST_AES_GCM_256;
                 ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_16);
                 ast_set_flag(srtp, AST_SRTP_CRYPTO_AES_256);
                 key_len_expected = AES_256_GCM_KEYSIZE_WSALT;
         /* RFC contained a (too) short auth tag for RTP media, some still use that */
-       } else if (!strcmp(suite, "AEAD_AES_128_GCM_8")) {
-               suite_val = AST_AES_GCM_128_8;
-               ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);
-               key_len_expected = AES_128_GCM_KEYSIZE_WSALT;
         } else if (!strcmp(suite, "AEAD_AES_256_GCM_8")) {
                 suite_val = AST_AES_GCM_256_8;
                 ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);
author	Jasper Hafkenscheid <jasper.hafkenscheid@wearespindle.com>
	Fri, 3 Sep 2021 05:30:59 +0000 (07:30 +0200)
committer	Kevin Harwell <kharwell@digium.com>
	Wed, 8 Sep 2021 23:28:59 +0000 (18:28 -0500)